Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-xx3f-44rh-4g76

Опубликовано: 15 авг. 2024
Источник: github
Github: Не прошло ревью
CVSS4: 9.3
CVSS3: 7.8

Описание

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.13489 on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not restrictive enough. Another hyperlink parameter was not properly sanitized which leads to the execution of an arbitrary Windows library.

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.13489 on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not restrictive enough. Another hyperlink parameter was not properly sanitized which leads to the execution of an arbitrary Windows library.

Ссылки

EPSS

Процентиль: 16%
0.00052
Низкий

9.3 Critical

CVSS4

7.8 High

CVSS3

CVE ID

CVE-2024-7263

Дефекты

CWE-22

Связанные уязвимости

nvd логотип

CVE-2024-7263

CVSS3: 7.8
nvd
около 1 года назад

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library.

fstec логотип

BDU:2024-10313

CVSS3: 7.8
fstec
около 1 года назад

Уязвимость исполняемого файла promecefpluginhost.exe подсистемы Prome CEF SubProcess пакета офисных программ WPS Office операционных систем Windows, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 16%
0.00052
Низкий

9.3 Critical

CVSS4

7.8 High

CVSS3

CVE ID

CVE-2024-7263

Дефекты

CWE-22