CVE-2024-7262

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 15, 2024

Updated: Aug 16, 2024

CWE ID 22

Summary

CVE-2024-7262 is a new vulnerability affecting Kingsoft WPS Office, specifically versions 12.2.0.13110 to 12.2.0.13489 on Windows. This issue stems from improper path validation in promecefpluginhost.exe, resulting in an attacker's ability to load an arbitrary Windows library. The consequence of this action can lead to code execution with the same privileges as the application, potentially allowing malicious activities. A single-click exploit in the form of a deceptive spreadsheet document has already been discovered, taking advantage of this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Kingsoft Corporation Limited

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xx94Rh
https://www.cve.org/CVERecord?id=CVE-2024-7262
https://nvd.nist.gov/vuln/detail/CVE-2024-7262

Back to Vulnerability Database

CVE-2024-7262

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations