CVE-2024-7263

Опубликовано: 15 авг. 2024

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library.

Ссылки

https://www.wps.com/whatsnew/pc/20240422/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:kingsoft:wps_office:*:*:*:*:*:*:*:*

Версия от 12.2.0.13110 (включая) до 12.2.0.17153 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 16%

0.00052

Низкий

7.8 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-xx3f-44rh-4g76

CVSS3: 7.8

github

около 1 года назад

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.13489 on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not restrictive enough. Another hyperlink parameter was not properly sanitized which leads to the execution of an arbitrary Windows library.

BDU:2024-10313

CVSS3: 7.8

fstec

около 1 года назад

Уязвимость исполняемого файла promecefpluginhost.exe подсистемы Prome CEF SubProcess пакета офисных программ WPS Office операционных систем Windows, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 16%

0.00052

Низкий

7.8 High

CVSS3

Дефекты

CWE-22