WPS Office Vulns Report

Two critical vulnerabilities have been identified in Kingsoft WPS Office affecting versions 12.2.0.13110 to 12.2.0.13489 and earlier than 12.2.0.17153, respectively. The first vulnerability allows path traversal through the Hyperlink Handler component, while the second permits DLL hijacking via improper path validation. Remediation includes upgrading to version 12.2.0.17153 or later and implementing various security settings to mitigate the risks.

Uploaded by

Abdo Bodabous

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

37 views1 page

WPS Office Vulns Report

Uploaded by

Abdo Bodabous

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 1

WPS Office vulnerabilities (August 2024)

Kingsoft WPS Office Path Traversal CVEID : CVE-2024-7262 score 7.8

Vulnerability
Description Affected Affected versions Impact Remediation
components
 A vulnerability was found in  Upgrade to WPS Office version
Kingsoft WPS Office on Windows. It 12.2.0.17153 or later or :
has been rated as critical. The issue  WPS Office  from 12.2.0.13110 (including)  Direct Volume  Disable automatic hyperlink
affects the file to 12.2.0.13489 (including) Access (T1006) handling in WPS Office settings.
‘promecefpluginhost.exe’ in the  Use Windows Group Policy to
Hyperlink Handler component. The block the execution of ‘prome-
vulnerability allows path traversal, cefpluginhost.exe’.
requiring local access to exploit.  Adjust file associations to pre-
vent WPS Office from
handling hyperlink files.

Kingsoft WPS Office DLL Hijacking CVEID : CVE-2024-7263 score 7.8

Description Affected Affected versions Impact Remediation
components
 Improper path validation in  Upgrade to WPS Office version
‘promecefpluginhost.exe’ in Kingsoft 12.2.0.17153 or later, where this
WPS Office on Windows allows an  WPS Office  from 2.2.0.13110 (including)  Hijack Execution vulnerability has been
attacker to load an arbitrary to 12.2.0.17153 (excluding) Flow: DLL Side- mitigated by enhanced input
Windows DLL library. The patch Loading validation and restrictions on
released in version 12.2.0.16909 to (T1574.002) hyperlink parameters.
mitigate CVE-2024-7262 was not
restrictive enough, leading to
arbitrary library execution.

A11 BW Manual
100% (1)
A11 BW Manual
220 pages
Vulnerability in Image Type
No ratings yet
Vulnerability in Image Type
22 pages
1st Quarter Exam G9
No ratings yet
1st Quarter Exam G9
3 pages
HWG6-120-WBT Introduction To Brocade Gen6 Hardware: Student Guide
100% (1)
HWG6-120-WBT Introduction To Brocade Gen6 Hardware: Student Guide
84 pages
DEF CON 32 - Michael Gorelik Arnold Osipov - Outlook Unleashing RCE Chaos CVE-2024-30103 & CVE-2024-38021
No ratings yet
DEF CON 32 - Michael Gorelik Arnold Osipov - Outlook Unleashing RCE Chaos CVE-2024-30103 & CVE-2024-38021
54 pages
Microsoft's July 2023 Patch Tuesday Addresses 130 CVEs
No ratings yet
Microsoft's July 2023 Patch Tuesday Addresses 130 CVEs
8 pages
OLE Object Are Still Dangerous Today - Exploiting Microsoft Office
No ratings yet
OLE Object Are Still Dangerous Today - Exploiting Microsoft Office
76 pages
Microsoft June 2024 Patch Tuesday CVEs
No ratings yet
Microsoft June 2024 Patch Tuesday CVEs
7 pages
Security Bulletin Summary For May 2020 Updates
No ratings yet
Security Bulletin Summary For May 2020 Updates
208 pages
IT Security Pros: Follina Exploit Alert
No ratings yet
IT Security Pros: Follina Exploit Alert
9 pages
Cve 2023 23397
No ratings yet
Cve 2023 23397
9 pages
CVE-2022-30190: Follina Mitigation Guide
No ratings yet
CVE-2022-30190: Follina Mitigation Guide
36 pages
Microsoft Warns
No ratings yet
Microsoft Warns
5 pages
CVEs 2024 JAN - APRIL 4
No ratings yet
CVEs 2024 JAN - APRIL 4
4 pages
Cybersecurity: Stuxnet Vulnerability Analysis
No ratings yet
Cybersecurity: Stuxnet Vulnerability Analysis
67 pages
Advisory
No ratings yet
Advisory
3 pages
WPS O Ce (An Kingsoft O Ce) Is An
No ratings yet
WPS O Ce (An Kingsoft O Ce) Is An
9 pages
Sims Patch Diff BSides Baltimore
No ratings yet
Sims Patch Diff BSides Baltimore
31 pages
Microsoft Exchange Zero-Day Actively Exploited in Attacks (2759)
No ratings yet
Microsoft Exchange Zero-Day Actively Exploited in Attacks (2759)
3 pages
CERT-In Vulnerability Notes-0025
No ratings yet
CERT-In Vulnerability Notes-0025
2 pages
Mailing
No ratings yet
Mailing
9 pages
Cyber Security Newsletter 23-01-2025
No ratings yet
Cyber Security Newsletter 23-01-2025
4 pages
Windows Server & Vista SP2 Updates
No ratings yet
Windows Server & Vista SP2 Updates
200 pages
2021 Top Routinely Exploited Vulnerabilities
No ratings yet
2021 Top Routinely Exploited Vulnerabilities
20 pages
Microsoft Passit4sure 70-744 v2020-03-18 by Eva 124q
No ratings yet
Microsoft Passit4sure 70-744 v2020-03-18 by Eva 124q
69 pages
Caja Blanca Yhn6en
No ratings yet
Caja Blanca Yhn6en
101 pages
IBM Final Case Study
No ratings yet
IBM Final Case Study
6 pages
Malware File Handling Guide
No ratings yet
Malware File Handling Guide
13 pages
ProQuestDocuments 2024-05-27
No ratings yet
ProQuestDocuments 2024-05-27
3 pages
Kaspersky Security
No ratings yet
Kaspersky Security
30 pages
Desktop Ruq79bm 20250106 1708
No ratings yet
Desktop Ruq79bm 20250106 1708
58 pages
Analysis of The Attack Surface of Microsoft Office From User Perspective Final
No ratings yet
Analysis of The Attack Surface of Microsoft Office From User Perspective Final
69 pages
IHR Report
No ratings yet
IHR Report
2 pages
SM EXcel 365 Rce 51328
No ratings yet
SM EXcel 365 Rce 51328
1 page
The 2025 Microsoft 365 Phishing Security Report
No ratings yet
The 2025 Microsoft 365 Phishing Security Report
18 pages
CVEs 2024 JAN - APRIL 3
No ratings yet
CVEs 2024 JAN - APRIL 3
2 pages
Microsoft Windows File Explorer Vulnerability
No ratings yet
Microsoft Windows File Explorer Vulnerability
5 pages
Data Stealing Storm Report 2024
No ratings yet
Data Stealing Storm Report 2024
10 pages
D2T1 - How I Found 16 Microsoft Office Excel Vulnerabilities in 6 Months - Quan Jin
No ratings yet
D2T1 - How I Found 16 Microsoft Office Excel Vulnerabilities in 6 Months - Quan Jin
48 pages
Malware Analysis Fundamentals - Files - Tools: March 26, 2020 Marc Ochsenmeier
No ratings yet
Malware Analysis Fundamentals - Files - Tools: March 26, 2020 Marc Ochsenmeier
14 pages
Final Internal Audit Report: Operating Systems Audit - Microsoft Direct Access
No ratings yet
Final Internal Audit Report: Operating Systems Audit - Microsoft Direct Access
12 pages
Known Bugs and Vulnerabilities
No ratings yet
Known Bugs and Vulnerabilities
3 pages
Tu 1
No ratings yet
Tu 1
3 pages
cl0p Lockbit New Data Breaches Sector Alert
No ratings yet
cl0p Lockbit New Data Breaches Sector Alert
5 pages
2024 CVE Insight
No ratings yet
2024 CVE Insight
10 pages
2018.11.29.attack Pakistan by Exploiting InPage
No ratings yet
2018.11.29.attack Pakistan by Exploiting InPage
32 pages
Analyzing Microsoft Office Documents
No ratings yet
Analyzing Microsoft Office Documents
10 pages
Managed Vulnerability Management - Presentation (November 2024) - Updated
No ratings yet
Managed Vulnerability Management - Presentation (November 2024) - Updated
10 pages
BitCoin Ransomware Incident and Response Report
No ratings yet
BitCoin Ransomware Incident and Response Report
9 pages
(70-744) Securing Windows Server 2016
No ratings yet
(70-744) Securing Windows Server 2016
8 pages
Cyber Espionage in SE Asia
No ratings yet
Cyber Espionage in SE Asia
14 pages
Folder Redirection Worksheet
No ratings yet
Folder Redirection Worksheet
4 pages
Mcafee Labs Threat Advisory: Ransom Cryptolocker
No ratings yet
Mcafee Labs Threat Advisory: Ransom Cryptolocker
9 pages
Haboob Team: Windows Privilege Escalations
No ratings yet
Haboob Team: Windows Privilege Escalations
17 pages
30-Nov-2020 - Microsoft Patches - Pro-Watch
No ratings yet
30-Nov-2020 - Microsoft Patches - Pro-Watch
64 pages
Assignment 3
No ratings yet
Assignment 3
9 pages
Incomplete Scan (Could Not Complete One or More Requested Checks.)
No ratings yet
Incomplete Scan (Could Not Complete One or More Requested Checks.)
5 pages
Bulletin ID MS12-077 MS12-078 MS12-079 MS12-081 MS12-082 MS12-083 MSRT
No ratings yet
Bulletin ID MS12-077 MS12-078 MS12-079 MS12-081 MS12-082 MS12-083 MSRT
3 pages
Malware Analysis Documentación-20241216.zip Malicious Activity - ANY - RUN - Malware Sandbox Online
No ratings yet
Malware Analysis Documentación-20241216.zip Malicious Activity - ANY - RUN - Malware Sandbox Online
19 pages
Aa23-131a Malicious Actors Exploit Cve-2023-27350 in Papercut MF and NG 1-2
No ratings yet
Aa23-131a Malicious Actors Exploit Cve-2023-27350 in Papercut MF and NG 1-2
13 pages
CVEs 2024 JAN - APRIL 1
No ratings yet
CVEs 2024 JAN - APRIL 1
2 pages
Characteristics of DSP
100% (1)
Characteristics of DSP
15 pages
Safry 1
No ratings yet
Safry 1
6 pages
Men 4210 Datasheet
No ratings yet
Men 4210 Datasheet
3 pages
SCCM 2012 Part 1 Notes
No ratings yet
SCCM 2012 Part 1 Notes
50 pages
PRIME Z790-A WIFI Manual
No ratings yet
PRIME Z790-A WIFI Manual
80 pages
NPM 12-0-1 Administrator Guide
100% (1)
NPM 12-0-1 Administrator Guide
388 pages
Udyam Registration for Micro Enterprise
No ratings yet
Udyam Registration for Micro Enterprise
2 pages
CS Homework: Memory Allocation
No ratings yet
CS Homework: Memory Allocation
4 pages
IoT & Cloud: Key Concepts Quiz
No ratings yet
IoT & Cloud: Key Concepts Quiz
20 pages
UAC Trust Shortcut
No ratings yet
UAC Trust Shortcut
0 pages
ABB PLC Prappx
No ratings yet
ABB PLC Prappx
52 pages
Lab 2.1
No ratings yet
Lab 2.1
8 pages
6 - FF CENTUM VP 5 ENG Exerciseonline
No ratings yet
6 - FF CENTUM VP 5 ENG Exerciseonline
20 pages
Itm Install
No ratings yet
Itm Install
674 pages
CNC Data Input/Output Guide
No ratings yet
CNC Data Input/Output Guide
9 pages
2025-05-08
No ratings yet
2025-05-08
73 pages
SA2500/WA2500 Express 5800 120eh2: User Guide
No ratings yet
SA2500/WA2500 Express 5800 120eh2: User Guide
281 pages
Microsoft SQL Server Architecture: Tom Hamilton - America's Channel Database CSE
No ratings yet
Microsoft SQL Server Architecture: Tom Hamilton - America's Channel Database CSE
18 pages
AIX VIOS HMC Roadmap
No ratings yet
AIX VIOS HMC Roadmap
2 pages
Hadoop Installation Step by Step
No ratings yet
Hadoop Installation Step by Step
6 pages
js21 Problem and Service
No ratings yet
js21 Problem and Service
202 pages
How To Create A Cool Photo Mosaic On Linux With Polyfoto
No ratings yet
How To Create A Cool Photo Mosaic On Linux With Polyfoto
4 pages
AT89S52
No ratings yet
AT89S52
37 pages
ThinkPad P15v Gen 2 21A9000BCK
No ratings yet
ThinkPad P15v Gen 2 21A9000BCK
2 pages
Event Tracker Software Overview
No ratings yet
Event Tracker Software Overview
4 pages
DNVR Digital Network Video Recorder : Before Using This System, Please Read The User Manual Carefully
No ratings yet
DNVR Digital Network Video Recorder : Before Using This System, Please Read The User Manual Carefully
37 pages
Historian To Historian Interface Installation and Configuration Guide
No ratings yet
Historian To Historian Interface Installation and Configuration Guide
32 pages