CVE-2024-7263

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 15, 2024
Updated: Aug 16, 2024
CWE ID 22

Summary

CVE-2024-7263 is a newly disclosed vulnerability affecting Kingsoft WPS Office on Windows. It arises from improper path validation in promecefpluginhost.exe, which allows an attacker to load an arbitrary Windows library. The patch for CVE-2024-7262, released in version 12.2.0.16909, did not go far enough: another parameter was not adequately sanitized, which made this vulnerability exploitable. The consequences range from information disclosure to system compromise, posing a significant risk to users running affected versions of the software. Users are strongly advised to update to version 12.2.0.17154 or later to protect against this threat.
