CVE-2024-11957: Arbitrary Code Execution in WPS Office
First published: Tue Mar 04 2025(Updated: )
Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in versions equal or less than 12.1.0.18276 on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not restrictive enough.
Credit: security@eset.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WPS Office | <=12.1.0.18276 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-11957?
CVE-2024-11957 has a high severity rating due to its potential for arbitrary code execution.
How do I fix CVE-2024-11957?
To mitigate the effects of CVE-2024-11957, upgrade to Kingsoft WPS Office version 12.2.0.16909 or later.
What type of vulnerability is CVE-2024-11957?
CVE-2024-11957 is an improper verification vulnerability that allows for the loading of arbitrary Windows libraries.
Which versions of WPS Office are affected by CVE-2024-11957?
Versions of Kingsoft WPS Office equal to or less than 12.1.0.18276 are affected by CVE-2024-11957.
What can an attacker do with CVE-2024-11957?
An attacker can exploit CVE-2024-11957 to execute arbitrary code on the affected Windows system.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/title
- agent/type
- agent/first-publish-date
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/source
- agent/author
- agent/tags
- agent/event
- vendor/kingsoft
- canonical/wps office