CVE-2024-7262 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Kingsoft WPS Office Path Traversal Vulnerability

Exploit added

September 3, 2024

Action due

September 24, 2024

Action required

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.
The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document

References

https://www.wps.com/whatsnew/pc/20240422/

Weakness Enumeration

CWE-ID	CWE Name
CWE-22	Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

Known Affected Software Configurations

cpe:2.3:a:kingsoft:wps_office:11.2.0.10017:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.10101:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.10132:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.10176:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.10200:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.10223:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.10258:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.10296:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.10351:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.10382:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.10421:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.10426:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.10443:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.10463:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.11029:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.11042:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.11074:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.11130:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.11156:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.11191:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.11254:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.11306:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.11341:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.11380:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.11417:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.11440:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.11486:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.11513:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.11516:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.11536:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.11537:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.8668:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.8684:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.8893:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.8934:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.8942:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.8970:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.8991:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9031:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9052:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9070:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9107:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9127:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9144:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9169:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9232:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9255:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9281:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9327:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9363:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9396:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9431:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9453:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9629:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9665:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9684:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9718:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9739:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9747:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9906:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9937:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9984:::::::*
cpe:2.3:a:kingsoft:wps_office:10.8.0.5745:::::::*
cpe:2.3:a:kingsoft:wps_office:10.8.0.6186:::::::*
cpe:2.3:a:kingsoft:wps_office:11.2.0.9403:::::::*
cpe:2.3:a:kingsoft:wps_office:-:::::::*

Details

Source:
NVD

Published:
August 15, 2024

Updated:
September 5, 2024

Risk information

CVSS v3

Base score:
7.8

Severity:

HIGH

Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2

Not defined