Description
The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://support.kingsoft.jp/support-info/weakness.html
Third Party Advisory third-party-advisory
x_refsource_jvn
https://jvn.jp/en/jp/JVN21234459/
Scores
CVSS v3
7.8
EPSS
0.0077
EPSS Percentile
50.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (1)
kingsoft/wps_office
10.8.0.6186
Published
Mar 17, 2022
Tracked Since
Feb 18, 2026