CVE-2024-7262
Arbitrary Code Execution in WPS Office
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- July 30, 2024
- Published Date
- August 15, 2024
- Last Updated
- September 03, 2024
- Vendor
- Kingsoft
- Product
- WPS Office
- Description
- Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document
CVSS Scores
CVSS v4.0
9.3 - CRITICAL
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:N/RE:L
SSVC Information
- Exploitation
- active
- Technical Impact
- total
Exploit Status
- Exploited in the Wild
- Yes (added 2024-09-03 00:00:00 UTC) Source
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2024-09-03 00:00:00 UTC |