CVE-2024-7262

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document

Published: Aug 15, 2024
Updated: Aug 23, 2024
CVE: CVE-2024-7262
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
kingsoft / wps_office	12.2.0.13110	12.2.0.16412

https://www.wps.com/whatsnew/pc/20240422/

Vulnerability Database

289,697

CVE-2024-7262