7.8
CVSSv3

CVE-2024-7262

Published: 15/08/2024 Updated: 05/09/2024

Vulnerability Summary

Improper Path Validation in Kingsoft WPS Office Enables Library Loading

Incorrect path validation in promecefpluginhost.exe in Kingsoft WPS Office versions 12.2.0.13110 to 12.2.0.13489 on Windows lets an attacker load any Windows library. Using the MHTML format, an attacker can deliver a bad library when the document is opened. Clicking on a crafted hyperlink will run the malicious library.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

kingsoft wps office

Recent Articles

South Korean hackers exploited WPS Office zero-day to deploy malware
BleepingComputer • Bill Toulas • 28 Aug 2024

South Korean hackers exploited WPS Office zero-day to deploy malware By Bill Toulas August 28, 2024 06:50 PM 0 The South Korea-aligned cyberespionage group APT-C-60 has been leveraging a zero-day code execution vulnerability in the Windows version of WPS Office to install the SpyGlace backdoor on East Asian targets. WPS Office is a productivity suite developed by the Chinese firm Kingsoft that is popular in Asia. Reportedly, it has over 500 million active users worldwide. The zero-day flaw, trac...