First published: Wed Mar 09 2022(Updated: )
The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Kingsoft Wps Office | <11.2.0.10258 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-25943 is a vulnerability in WPS Office for Windows versions prior to v11.2.0.10258 that fails to configure the ACL for the installation directory.
CVE-2022-25943 affects WPS Office for Windows versions prior to v11.2.0.10258 by improperly configuring the ACL for the directory where the service program is installed.
CVE-2022-25943 has a severity rating of 7.8 (High).
To fix CVE-2022-25943, update WPS Office for Windows to version v11.2.0.10258 or later.
You can find more information about CVE-2022-25943 at the following references: [GitHub](https://github.com/HadiMed/KINGSOFT-WPS-Office-LPE), [JVN](https://jvn.jp/en/vu/JVNVU90673830/), [WPS Office](https://www.wps.com/whatsnew/pc/20210806/).