Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.
The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document
References
Link | Resource |
---|---|
https://www.wps.com/whatsnew/pc/20240422/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
22 Aug 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document |
16 Aug 2024, 14:25
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CPE | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:kingsoft:wps_office:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
First Time |
Microsoft
Kingsoft wps Office Microsoft windows Kingsoft |
|
References | () https://www.wps.com/whatsnew/pc/20240422/ - Vendor Advisory |
16 Aug 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.13489 (inclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document |
15 Aug 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-15 15:15
Updated : 2024-09-05 13:30
NVD link : CVE-2024-7262
Mitre link : CVE-2024-7262
CVE.ORG link : CVE-2024-7262
JSON object : View
Products Affected
microsoft
- windows
kingsoft
- wps_office
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')