CVE-2022-24934
Published: 23 March 2022
Summary
CVE-2022-24934 is a critical-severity vulnerability of unspecified weakness type in Kingsoft WPS Office. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 3.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
wpsupdater.exe in Kingsoft WPS Office through version 11.2.0.10382 contains a vulnerability that permits remote code execution through modification of the HKEY_CURRENT_USER registry key. The affected component is the updater executable shipped with the office suite, which processes registry values without sufficient validation or privilege checks.
An unauthenticated remote attacker can exploit the flaw over the network with low attack complexity and no user interaction required, resulting in full compromise of confidentiality, integrity, and availability on the target system. The CVSS 3.1 base score of 9.8 reflects this broad impact.
Public references link the vulnerability to Operation Dragon Castling, an APT campaign documented by Avast that targeted betting companies and leveraged similar WPS Office weaknesses for initial access.
EPSS for the CVE rose from low values after disclosure to a peak of 0.5621 on 2025-12-11 before receding to the current 0.3223, indicating a clear post-publication increase in observed exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-29689
Vulnerability details
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry.
- CWE(s): not specified
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.