First published: Thu Mar 17 2022(Updated: )
The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Kingsoft Wps Office | =10.8.0.5745 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-26081 is a vulnerability found in the installer of WPS Office Version 10.8.0.5745 that allows an attacker to execute arbitrary code with the user's privilege.
The severity of CVE-2022-26081 is high, with a CVSS score of 7.8.
CVE-2022-26081 works by insecurely loading the shcore.dll library during the WPS Office installer process, which can be exploited by an attacker to execute arbitrary code.
To fix CVE-2022-26081, update WPS Office to a version that is not affected by this vulnerability.
You can find more information about CVE-2022-26081 at the following references: [1] https://jvn.jp/en/jp/JVN21234459/ [2] https://support.kingsoft.jp/support-info/weakness.html