CVE-2024-7263

Published: Aug 15, 2024

Modified: Aug 22, 2024

PUBLISHED

Description

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library.

Vendor	Product	Versions
Kingsoft	WPS Office	affected `12.2.0.13110 - < 12.2.0.17115`

Weaknesses (CWE)

CWE-22

References

https://www.wps.com/whatsnew/pc/20240422/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-7263

Description

Affected Products

Weaknesses (CWE)

References