CVE-2024-13187: Kingsoft WPS Office TCC code injection
First published: Wed Jan 08 2025(Updated: )
A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component TCC Handler. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WPS Office |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-13187?
CVE-2024-13187 has been declared as critical due to its potential for code injection.
How do I fix CVE-2024-13187?
To fix CVE-2024-13187, you should update Kingsoft WPS Office to the latest version provided by the vendor.
What are the potential impacts of CVE-2024-13187?
The impact of CVE-2024-13187 includes unauthorized code execution on the local host.
Which versions of Kingsoft WPS Office are affected by CVE-2024-13187?
CVE-2024-13187 affects Kingsoft WPS Office version 6.14.0 on macOS.
What is the attack vector for CVE-2024-13187?
The attack vector for CVE-2024-13187 is local, allowing an attacker to manipulate TCC Handler functionality.
- agent/references
- agent/title
- agent/weakness
- agent/description
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/kingsoft
- canonical/wps office