Lucene search
ESETCVELIST:CVE-2024-7262HistoryAug 15, 2024 - 2:24 p.m.
CVE-2024-7262 Arbitrary Code Execution in WPS Office
2024-08-1514:24:44
CWE-22
ESET
www.cve.org
10
cve-2024-7262; wps office; arbitrary code execution; improper path validation; windows library; single-click exploit; spreadsheet document
CVSS4
9.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
PASSIVE
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H/AU:N/RE:L
EPSS
0.011
Percentile
85.1%
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.
The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document
CNA Affected
[
{
"collectionURL": "https://www.wps.com/",
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "WPS Office",
"vendor": "Kingsoft",
"versions": [
{
"lessThan": "12.2.0.16412",
"status": "affected",
"version": "12.2.0.13110",
"versionType": "custom"
}
]
}
]References
Related
vulnrichment
vulnrichment
CVE-2024-7262 Arbitrary Code Execution in WPS Office
2024-08-15 14:24:44
CVE-2024-7263 Arbitrary Code Execution in WPS Office
2024-08-15 14:29:04
cisa_kev
cisa_kev
Kingsoft WPS Office Path Traversal Vulnerability
2024-09-03 00:00:00
nvd
nvd
CVE-2024-7262
2024-08-15 15:15:22
CVE-2024-7263
2024-08-15 15:15:22
nessus
nessus
attackerkb
attackerkb
CVE-2024-7262
2024-08-15 00:00:00
cve
cve
CVE-2024-7262
2024-08-15 15:15:22
CVE-2024-7263
2024-08-15 15:15:22
cvelist
cvelist
CVE-2024-7263 Arbitrary Code Execution in WPS Office
2024-08-15 14:29:04
jvn
jvn
thn
thn
APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor
2024-08-28 13:48:00
CVSS4
9.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
PASSIVE
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H/AU:N/RE:L
EPSS
0.011
Percentile
85.1%
Related for CVELIST:CVE-2024-7262