CVEs-PoC/2021/CVE-2021-40399.md

### [CVE-2021-40399](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40399)
![](https://img.shields.io/static/v1?label=Product&message=WPS%20Office&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%2011.2.0.10351%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%3A%20Use%20After%20Free&color=brighgreen)

### Description

An exploitable use-after-free vulnerability exists in WPS Spreadsheets ( ET ) as part of WPS Office, version 11.2.0.10351. A specially-crafted XLS file can cause a use-after-free condition, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

### POC

#### Reference
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1412

#### Github
No PoCs found on GitHub currently.