Improper Path Validation in Kingsoft WPS Office Enables Library Loading
Incorrect path validation in promecefpluginhost.exe in Kingsoft WPS Office versions 12.2.0.13110 to 12.2.0.13489 on Windows lets an attacker load any Windows library. Using the MHTML format, an attacker can deliver a bad library when the document is opened. Clicking on a crafted hyperlink will run the malicious library.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kingsoft wps office |
South Korean hackers exploited WPS Office zero-day to deploy malware By Bill Toulas August 28, 2024 06:50 PM 0 The South Korea-aligned cyberespionage group APT-C-60 has been leveraging a zero-day code execution vulnerability in the Windows version of WPS Office to install the SpyGlace backdoor on East Asian targets. WPS Office is a productivity suite developed by the Chinese firm Kingsoft that is popular in Asia. Reportedly, it has over 500 million active users worldwide. The zero-day flaw, trac...