Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cisa_kevCISACISA-KEV-CVE-2024-7262
HistorySep 03, 2024 - 12:00 a.m.

Kingsoft WPS Office Path Traversal Vulnerability

2024-09-0300:00:00
CISA
www.cisa.gov
202
kingsoft wps office
path traversal
vulnerability
promecefpluginhost.exe
windows
attacker
arbitrary windows library

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS4

9.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H/AU:N/RE:L

AI Score

6.9

Confidence

Low

EPSS

0.011

Percentile

85.1%

JSON

Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library.

Related

vulnrichment 2
nvd 2
cvelist 2
nessus 2
attackerkb 1
cve 2
jvn 1
thn 1
vulnrichment
vulnrichment
CVE-2024-7262 Arbitrary Code Execution in WPS Office
2024-08-15 14:24:44
CVE-2024-7263 Arbitrary Code Execution in WPS Office
2024-08-15 14:29:04
nvd
nvd
CVE-2024-7262
2024-08-15 15:15:22
CVE-2024-7263
2024-08-15 15:15:22
cvelist
cvelist
CVE-2024-7262 Arbitrary Code Execution in WPS Office
2024-08-15 14:24:44
CVE-2024-7263 Arbitrary Code Execution in WPS Office
2024-08-15 14:29:04
nessus
nessus
Kingsoft WPS Office 12.2.0.13110 < 12.2.0.16412 Arbitrary Code Execution (CVE-2024-7262)
2024-09-05 00:00:00
Kingsoft WPS Office 12.2.0.13110 < 12.2.0.17119 Arbitrary Code Execution (CVE-2024-7263)
2024-09-05 00:00:00
attackerkb
attackerkb
CVE-2024-7262
2024-08-15 00:00:00
cve
cve
CVE-2024-7262
2024-08-15 15:15:22
CVE-2024-7263
2024-08-15 15:15:22
jvn
jvn
JVN#32529796: Multiple products from KINGSOFT JAPAN vulnerable to path traversal
2024-09-06 00:00:00
thn
thn
APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor
2024-08-28 13:48:00

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS4

9.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H/AU:N/RE:L

AI Score

6.9

Confidence

Low

EPSS

0.011

Percentile

85.1%

JSON
Related for CISA-KEV-CVE-2024-7262
vulnrichment2nvd2cvelist2nessus2attackerkb1cve2jvn1thn1