Lucene search
+L

454 matches found

cvelist
cvelist
added 2024/08/15 2:29 p.m.53 views

CVE-2024-7263 Arbitrary Code Execution in WPS Office

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 exclusive on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough...

9.3CVSS0.0039EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/08/15 2:24 p.m.116 views

CVE-2024-7262 Arbitrary Code Execution in WPS Office

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 exclusive on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive...

9.3CVSS7.5AI score0.01773EPSS
Exploits0References1
cve
cve
added 2024/08/15 2:24 p.m.289 views

CVE-2024-7262

Kingsoft WPS Office for Windows is affected by CVE-2024-7262 due to improper path validation in promecefpluginhost.exe. Versions 12.2.0.13110–12.2.0.16412 (exclusive) are exploitable via a weaponized, single-click embedded spreadsheet document that can load an arbitrary Windows library. Connected...

9.3CVSS7.5AI score0.01773EPSS
In wildExploits0References2Affected Software1
attackerkb
attackerkb
added 2024/08/15 12:0 a.m.27 views

CVE-2024-7262

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 exclusive on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive...

9.3CVSS6.9AI score0.01773EPSS
In wildExploits0References2
cnnvd
cnnvd
added 2024/08/15 12:0 a.m.5 views

Kingsoft WPS Office 路径遍历漏洞

Kingsoft WPS Office is a kind of office software from Kingsoft China. It provides document processing functions. A path traversal vulnerability exists in Kingsoft WPS Office versions 12.2.0.13110 through 12.2.0.13489, which stems from improper path validation in promecefpluginhost.exe. An attacke...

9.3CVSS7.6AI score0.0039EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/08/15 12:0 a.m.7 views

Kingsoft WPS Office 路径遍历漏洞

Kingsoft WPS Office is a kind of office software from Kingsoft China. It provides document processing functions. A path traversal vulnerability exists in Kingsoft WPS Office versions 12.2.0.13110 through 12.2.0.13489, which stems from improper path validation in promecefpluginhost.exe. An attacke...

9.3CVSS7.7AI score0.01773EPSS
Exploits0References3
cnnvd
cnnvd
added 2024/05/14 12:0 a.m.4 views

Kingsoft WPS 安全漏洞

Kingsoft WPS is a kind of office software from Kingsoft, a Chinese company. It provides document processing functions. A security vulnerability exists in Kingsoft WPS versions prior to 17.0.0, which stems from the inability to properly clean up filenames before they are interactively processed...

7.8CVSS6.7AI score0.00753EPSS
Exploits0References3
vulncheck_kev
vulncheck_kev
added 2024/02/29 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-7262

Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library...

9.3CVSS7.4AI score0.01773EPSS
Exploits0References1
cnnvd
cnnvd
added 2023/11/27 12:0 a.m.6 views

Kingsoft WPS Security Vulnerability

Kingsoft WPS is a kind of office software from Kingsoft, a Chinese company. It provides document processing functionality. A security vulnerability exists in Kingsoft WPS prior to version 11.2.0.11537, which stems from an uninitialized pointer usage vulnerability in the function that handles data...

8.8CVSS6.7AI score0.01692EPSS
Exploits0References1
cnvd
cnvd
added 2023/08/28 12:0 a.m.24 views

Command Execution Vulnerability in WPS Windows Edition of Zhuhai Kingsoft Office Software Co.

WPS is an office software. A command execution vulnerability exists in WPS Windows Edition of Zhuhai Kingsoft Office Software Limited, which can be exploited by attackers to execute arbitrary code...

8AI score
Exploits0
cnvd
cnvd
added 2023/08/11 12:0 a.m.13 views

Remote Code Execution Vulnerability in WPS Office of Zhuhai Kingsoft Office Software Co.

WPS Office is an office software suite from Zhuhai Kingsoft Office Software Co. A remote code execution vulnerability exists in WPS Office of Zhuhai Kingsoft Office Software Co. Ltd, which can be exploited by attackers to gain server privileges...

8.1AI score
Exploits0
cnnvd
cnnvd
added 2023/06/12 12:0 a.m.6 views

Kingsoft Installer of WPS Office 操作系统命令注入漏洞

Kingsoft Installer of WPS Office is an installation and setup program for WPS Office from Kingsoft, a Chinese company. A security vulnerability exists in Kingsoft Installer of WPS Office version 10.8.0.6186. An attacker can exploit the vulnerability to execute arbitrary operating system commands...

8.1CVSS8.3AI score0.0106EPSS
Exploits0References4
jvn
jvn
added 2023/06/12 12:0 a.m.32 views

JVN#36060509: "WPS Office" vulnerable to OS command injection

"WPS Office" which was provided by KINGSOFT JAPAN, INC. contains an OS command injection vulnerability CWE-78. Impact If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be...

8.1CVSS8.2AI score0.0106EPSS
Exploits0
cnnvd
cnnvd
added 2022/05/09 12:0 a.m.5 views

金山软件 WPS 资源管理错误漏洞

Kingsoft WPS is a kind of office software from Kingsoft, a Chinese company. It provides document processing functions. A resource management error vulnerability exists in Kingsoft WPS Spreadsheets ET 11.2.0.10351, which originates from a specially crafted XLS file that can be reused after release...

8.8CVSS8.2AI score0.01273EPSS
Exploits0References5
bdu_fstec
bdu_fstec
added 2022/04/13 12:0 a.m.7 views

The vulnerability of the KWatch3.sys driver (Kingsoft Antivirus KWatch Driver), a part of the Kingsoft Internet Security 9 Plus antivirus protection software, allows a hacker to execute arbitrary code.

The vulnerability of the KWatch3.sys driver Kingsoft Antivirus KWatch Driver, a component of the Kingsoft Internet Security 9 Plus antivirus protection software, is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

8.8CVSS7.9AI score0.00741EPSS
Exploits1References6Affected Software1
osv
osv
added 2022/03/23 10:15 p.m.4 views

CVE-2022-24934

wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEYCURRENTUSER in the registry...

9.8CVSS8.1AI score0.2047EPSS
Exploits1References2
attackerkb
attackerkb
added 2022/03/23 10:15 p.m.10 views

CVE-2022-24934

wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEYCURRENTUSER in the registry...

9.8CVSS6.4AI score0.2047EPSS
Exploits1References3
prion
prion
added 2022/03/23 10:15 p.m.24 views

Remote code execution

wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEYCURRENTUSER in the registry...

7.5CVSS9.7AI score0.2047EPSS
Exploits1References2Affected Software1
cve
cve
added 2022/03/23 9:19 p.m.115 views

CVE-2022-24934

Summary: CVE-2022-24934 affects Kingsoft WPS Office’s wpsupdater.exe up to version 11.2.0.10382. The issue allows remote code execution by modifying the HKEY_CURRENT_USER registry. Various sources (NVD, Red Hat, CVE lists, PT Security advisory) corroborate the impact and affected component. The r...

9.8CVSS9.7AI score0.2047EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2022/03/23 9:19 p.m.29 views

CVE-2022-24934

wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEYCURRENTUSER in the registry...

10AI score0.2047EPSS
Exploits1References2
Rows per page
Query Builder