CVE-2024-7262

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.
The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ESETCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
VendorProductVersion
kingsoftwps_office
12.2.0.13110 ≤
𝑥
< 12.2.0.16412
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.wps.com/whatsnew/pc/20240422/