What is the severity of CVE-2024-7263?

CVE-2024-7263 has a high severity rating due to the potential for arbitrary code execution.

How do I fix CVE-2024-7263?

To fix CVE-2024-7263, update Kingsoft WPS Office to version 12.2.0.17153 or later.

What does CVE-2024-7263 allow an attacker to do?

CVE-2024-7263 allows an attacker to load arbitrary Windows libraries, potentially leading to code execution.

Which versions of Kingsoft WPS Office are affected by CVE-2024-7263?

Kingsoft WPS Office versions ranging from 12.2.0.13110 to 12.2.0.17115 are affected by CVE-2024-7263.

Is Microsoft Windows vulnerable to CVE-2024-7263?

No, Microsoft Windows itself is not considered vulnerable to CVE-2024-7263.

Vulnerability/
CVE-2024-7263

critical

9.3

CWE

EPSS

0.055%

15/8/2024

22/8/2024

CVE-2024-7263: Arbitrary Code Execution in WPS Office

First published: Thu Aug 15 2024(Updated: )

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library.

Credit: security@eset.com

Affected Software	Affected Version	How to fix
All of
WPS Office	>=2.2.0.13110<12.2.0.17153
Microsoft Windows Operating System

Remedy

Update to latest version

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-7263?
CVE-2024-7263 has a high severity rating due to the potential for arbitrary code execution.
How do I fix CVE-2024-7263?
To fix CVE-2024-7263, update Kingsoft WPS Office to version 12.2.0.17153 or later.
What does CVE-2024-7263 allow an attacker to do?
CVE-2024-7263 allows an attacker to load arbitrary Windows libraries, potentially leading to code execution.
Which versions of Kingsoft WPS Office are affected by CVE-2024-7263?
Kingsoft WPS Office versions ranging from 12.2.0.13110 to 12.2.0.17115 are affected by CVE-2024-7263.
Is Microsoft Windows vulnerable to CVE-2024-7263?
No, Microsoft Windows itself is not considered vulnerable to CVE-2024-7263.

agent/remedy
agent/weakness
agent/title
agent/type
agent/first-publish-date
agent/author
agent/severity
agent/last-modified-date
collector/mitre-cve
source/MITRE
agent/description
collector/bleeping-computer
source/BleepingComputer
alias/CVE-2024-7262
alias/CVE-2024-7263
agent/references
agent/event
collector/epss-latest
source/FIRST
agent/epss
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/kingsoft
canonical/wps office
version/wps office/2.2.0.13110
vendor/microsoft
canonical/microsoft windows operating system

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.