What is the severity of CVE-2024-7262?

CVE-2024-7262 is considered a critical vulnerability due to its potential for an attacker to load arbitrary libraries.

How can I fix CVE-2024-7262?

To fix CVE-2024-7262, update Kingsoft WPS Office to a version newer than 12.2.0.16412.

Which versions of Kingsoft WPS Office are affected by CVE-2024-7262?

CVE-2024-7262 affects Kingsoft WPS Office versions from 12.2.0.13110 to 12.2.0.16412 (exclusive).

What type of attack does CVE-2024-7262 facilitate?

CVE-2024-7262 allows attackers to exploit improper path validation to load arbitrary Windows libraries.

Is CVE-2024-7262 specific to certain operating systems?

CVE-2024-7262 is specifically a vulnerability identified in software running on Microsoft Windows.

Vulnerability/
CVE-2024-7262

Exploited

critical

9.3

CWE

EPSS

1.147%

15/8/2024

5/9/2024

CVE-2024-7262: Kingsoft WPS Office Path Traversal Vulnerability

First published: Thu Aug 15 2024(Updated: )

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document

Credit: security@eset.com security@eset.com

Affected Software	Affected Version	How to fix
WPS Office
All of
WPS Office	>=12.2.0.13110<12.2.0.16412
Microsoft Windows

Remedy

Update to latest version

Remedy

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-7262?
CVE-2024-7262 is considered a critical vulnerability due to its potential for an attacker to load arbitrary libraries.
How can I fix CVE-2024-7262?
To fix CVE-2024-7262, update Kingsoft WPS Office to a version newer than 12.2.0.16412.
Which versions of Kingsoft WPS Office are affected by CVE-2024-7262?
CVE-2024-7262 affects Kingsoft WPS Office versions from 12.2.0.13110 to 12.2.0.16412 (exclusive).
What type of attack does CVE-2024-7262 facilitate?
CVE-2024-7262 allows attackers to exploit improper path validation to load arbitrary Windows libraries.
Is CVE-2024-7262 specific to certain operating systems?
CVE-2024-7262 is specifically a vulnerability identified in software running on Microsoft Windows.

agent/type
agent/first-publish-date
agent/severity
collector/bleeping-computer
source/BleepingComputer
alias/CVE-2024-7262
alias/CVE-2024-7263
agent/remedy
agent/description
agent/last-modified-date
collector/mitre-cve
source/MITRE
agent/title
agent/weakness
collector/the-register
source/The Register
agent/references
agent/softwarecombine
agent/author
agent/event
collector/epss-latest
source/FIRST
agent/epss
agent/trending
agent/source
agent/tags
exploited/true
collector/cisa-known-exploited
source/CISA
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-cve
source/NVD
collector/nvd-api
vendor/kingsoft
canonical/wps office
version/wps office/12.2.0.13110
vendor/microsoft
canonical/microsoft windows

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.