← Voltar para CVEs
CVE-2024-7262
HIGHCISA KEV7.8
Descricao
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document
Detalhes CVE
Pontuacao CVSS v3.17.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioREQUIRED
Publicado8/15/2024
Ultima modificacao10/30/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorKingsoft
ProdutoWPS Office
Nome da vulnerabilidadeKingsoft WPS Office Path Traversal Vulnerability
Data inclusao KEV2024-09-03
Prazo de remediacao2024-09-24
Uso em ransomwareUnknown
Produtos afetados
kingsoft:wps_officemicrosoft:windows
Fraquezas (CWE)
CWE-22CWE-22
Referencias
https://www.wps.com/whatsnew/pc/20240422/(security@eset.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7262(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.