CVE-2024-7262

HIGHCISA KEV

7.8

Description

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document

Details CVE

Score CVSS v3.17.8

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vecteur d'attaqueLOCAL

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurREQUIRED

Publie8/15/2024

Derniere modification10/30/2025

Sourcekev

Observations honeypot0

CISA KEV

FournisseurKingsoft

ProduitWPS Office

Nom vulnerabiliteKingsoft WPS Office Path Traversal Vulnerability

Date ajout KEV2024-09-03

Date limite remediation2024-09-24

Utilise dans ransomwareUnknown

Produits affectes

kingsoft:wps_officemicrosoft:windows

Faiblesses (CWE)

CWE-22CWE-22

References

https://www.wps.com/whatsnew/pc/20240422/(security@eset.com)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7262(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.