Back to KEVs

CVE-2024-7262

Arbitrary Code Execution in WPS Office

Basic Information

CVE State
PUBLISHED
Reserved Date
July 30, 2024
Published Date
August 15, 2024
Last Updated
September 03, 2024
Vendor
Kingsoft
Product
WPS Office
Description
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document
Tags
windows cisa

CVSS Scores

CVSS v4.0

9.3 - CRITICAL

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:N/RE:L

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2024-09-03 00:00:00 UTC) Source

References

https://www.wps.com/whatsnew/pc/20240422/

Known Exploited Vulnerability Information

Source Added Date
CISA 2024-09-03 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel