The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed.
References
Link | Resource |
---|---|
https://github.com/HadiMed/KINGSOFT-WPS-Office-LPE | Exploit Third Party Advisory |
https://jvn.jp/en/vu/JVNVU90673830/ | Third Party Advisory |
https://www.wps.com/whatsnew/pc/20210806/ | Product |
https://github.com/HadiMed/KINGSOFT-WPS-Office-LPE | Exploit Third Party Advisory |
https://jvn.jp/en/vu/JVNVU90673830/ | Third Party Advisory |
https://www.wps.com/whatsnew/pc/20210806/ | Product |
Configurations
History
21 Nov 2024, 06:53
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/HadiMed/KINGSOFT-WPS-Office-LPE - Exploit, Third Party Advisory | |
References | () https://jvn.jp/en/vu/JVNVU90673830/ - Third Party Advisory | |
References | () https://www.wps.com/whatsnew/pc/20210806/ - Product |
14 Mar 2022, 19:59
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 7.8 |
CWE | CWE-276 | |
CPE | cpe:2.3:a:kingsoft:wps_office:*:*:*:*:*:windows:*:* | |
References | (JVN) https://jvn.jp/en/vu/JVNVU90673830/ - Third Party Advisory | |
References | (MISC) https://github.com/HadiMed/KINGSOFT-WPS-Office-LPE - Exploit, Third Party Advisory | |
References | (CONFIRM) https://www.wps.com/whatsnew/pc/20210806/ - Product |
09 Mar 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-09 05:15
Updated : 2024-11-21 06:53
NVD link : CVE-2022-25943
Mitre link : CVE-2022-25943
CVE.ORG link : CVE-2022-25943
JSON object : View
Products Affected
kingsoft
- wps_office
CWE
CWE-276
Incorrect Default Permissions