CVE-2024-7262

HIGH KEV

Kingsoft Wps Office < 12.2.0.16412 - Path Traversal

Title source: rule

Description

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document

References (2)

[Vendor Advisory] https://www.wps.com/whatsnew/pc/20240422/

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7262

Scores

CVSS v3 7.8

EPSS 0.1236

EPSS Percentile 93.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2024-09-03

VulnCheck KEV 2024-02-29

InTheWild.io 2024-02-29

ENISA EUVD EUVD-2024-48209

CWE

CWE-22

Status published

Products (1)

kingsoft/wps_office 12.2.0.13110 - 12.2.0.16412

Published Aug 15, 2024

KEV Added Sep 03, 2024

Tracked Since Feb 18, 2026