CVE-2022-25969

The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.

Published: Mar 17, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-25969
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-427

Affected Software
References

Software	From	Fixed in
kingsoft / wps_office	10.8.0.6186	10.8.0.6186.x

https://jvn.jp/en/jp/JVN21234459/
https://support.kingsoft.jp/support-info/weakness.html

Vulnerability Database

289,697

CVE-2022-25969