CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-7262

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document

Exploit prediction scoring system (EPSS) score

EPSS Score 0.202

EPSS Ranking 95.2%

CVSS Severity

CVSS v3 Score 7.8

Proposed Action

Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library.

Ransomware Campaign

Unknown

References

https://www.wps.com/whatsnew/pc/20240422/

Products affected by CVE-2024-7262

Kingsoft » Wps Office » Version: 12.2.0.13110

cpe:2.3:a:kingsoft:wps_office:12.2.0.13110
Kingsoft » Wps Office » Version: 12.2.0.13489

cpe:2.3:a:kingsoft:wps_office:12.2.0.13489
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-7262

Products

Pricing

Contact Us