{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7262", "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "state": "PUBLISHED", "assignerShortName": "ESET", "dateReserved": "2024-07-30T07:50:53.765Z", "datePublished": "2024-08-15T14:24:44.511Z", "dateUpdated": "2024-09-03T16:20:22.356Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://www.wps.com/", "defaultStatus": "unknown", "platforms": ["Windows"], "product": "WPS Office", "vendor": "Kingsoft", "versions": [{"lessThan": "12.2.0.16412", "status": "affected", "version": "12.2.0.13110", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "analyst", "value": "Romain DUMONT (ESET)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>Improper path validation in <b>promecefpluginhost.exe</b> in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.<br>The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document<br></div>"}], "value": "Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.\nThe vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document"}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Exploit found in-the-wild.<br>"}], "value": "Exploit found in-the-wild."}], "impacts": [{"capecId": "CAPEC-17", "descriptions": [{"lang": "en", "value": "CAPEC-17: Using Malicious Files"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:N/RE:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "LOW"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "A user clicking on a crafted hyperlink could lead to arbitrary code execution"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "shortName": "ESET", "dateUpdated": "2024-08-22T05:51:23.952Z"}, "references": [{"url": "https://www.wps.com/whatsnew/pc/20240422/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to latest version<br>"}], "value": "Update to latest version"}], "source": {"discovery": "EXTERNAL"}, "tags": ["x_known-exploited-vulnerability"], "title": "Arbitrary Code Execution in WPS Office", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "kingsoft", "product": "wps_office", "cpes": ["cpe:2.3:a:kingsoft:wps_office:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "12.2.0.13110", "status": "affected", "lessThan": "12.2.0.13489", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-31T03:55:30.362677Z", "id": "CVE-2024-7262", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-09-03", "reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T16:20:22.356Z"}, "timeline": [{"time": "2024-09-03T00:00:00+00:00", "lang": "en", "value": "CVE-2024-7262 added to CISA KEV"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7262", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-31T03:55:30.362677Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-09-03", "reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"}}}], "affected": [{"cpes": ["cpe:2.3:a:kingsoft:wps_office:*:*:*:*:*:*:*:*"], "vendor": "kingsoft", "product": "wps_office", "versions": [{"status": "affected", "version": "12.2.0.13110", "lessThan": "12.2.0.13489", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-15T14:57:10.707Z"}, "timeline": [{"lang": "en", "time": "2024-09-03T00:00:00+00:00", "value": "CVE-2024-7262 added to CISA KEV"}]}], "cna": {"tags": ["x_known-exploited-vulnerability"], "title": "Arbitrary Code Execution in WPS Office", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "analyst", "value": "Romain DUMONT (ESET)"}], "impacts": [{"capecId": "CAPEC-17", "descriptions": [{"lang": "en", "value": "CAPEC-17: Using Malicious Files"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:N/RE:L", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "LOW"}, "scenarios": [{"lang": "en", "value": "A user clicking on a crafted hyperlink could lead to arbitrary code execution"}]}], "affected": [{"vendor": "Kingsoft", "product": "WPS Office", "versions": [{"status": "affected", "version": "12.2.0.13110", "lessThan": "12.2.0.16412", "versionType": "custom"}], "platforms": ["Windows"], "collectionURL": "https://www.wps.com/", "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "Exploit found in-the-wild.", "supportingMedia": [{"type": "text/html", "value": "Exploit found in-the-wild.<br>", "base64": false}]}], "solutions": [{"lang": "en", "value": "Update to latest version", "supportingMedia": [{"type": "text/html", "value": "Update to latest version<br>", "base64": false}]}], "references": [{"url": "https://www.wps.com/whatsnew/pc/20240422/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.\nThe vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document", "supportingMedia": [{"type": "text/html", "value": "<div>Improper path validation in <b>promecefpluginhost.exe</b> in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.<br>The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document<br></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory"}]}], "providerMetadata": {"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "shortName": "ESET", "dateUpdated": "2024-08-22T05:51:23.952Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7262", "state": "PUBLISHED", "dateUpdated": "2024-09-03T16:20:22.356Z", "dateReserved": "2024-07-30T07:50:53.765Z", "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "datePublished": "2024-08-15T14:24:44.511Z", "assignerShortName": "ESET"}, "dataVersion": "5.1"}

{"cisaActionDue": "2024-09-24", "cisaExploitAdd": "2024-09-03", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Kingsoft WPS Office Path Traversal Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kingsoft:wps_office:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D31BAD7-C75A-4809-ABD7-760B4C5FD8D3", "versionEndExcluding": "12.2.0.16412", "versionStartIncluding": "12.2.0.13110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.\nThe vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document"}, {"lang": "es", "value": " La validaci\u00f3n de ruta incorrecta en promecefpluginhost.exe en la versi\u00f3n Kingsoft WPS Office que va desde 12.2.0.13110 a 12.2.0.13489 (incluida) en Windows permite a un atacante cargar una librer\u00eda arbitraria de Windows. La vulnerabilidad se encontr\u00f3 armada como un exploit de un solo clic en forma de un documento de hoja de c\u00e1lculo enga\u00f1oso."}], "id": "CVE-2024-7262", "lastModified": "2024-09-05T13:30:33.680", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NO", "availabilityRequirements": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "HIGH", "subsequentSystemIntegrity": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:L/U:X", "version": "4.0", "vulnerabilityResponseEffort": "LOW", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "security@eset.com", "type": "Secondary"}]}, "published": "2024-08-15T15:15:22.290", "references": [{"source": "security@eset.com", "tags": ["Vendor Advisory"], "url": "https://www.wps.com/whatsnew/pc/20240422/"}], "sourceIdentifier": "security@eset.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@eset.com", "type": "Secondary"}]}

{}