CVE-2024-7262
Published: 15 August 2024
Summary
CVE-2024-7262 is a critical-severity Path Traversal (CWE-22) vulnerability in Kingsoft Wps Office. Its CVSS base score is 9.3 (Critical).
Operationally, ranked in the top 6.9% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-7262 is an improper path validation flaw (CWE-22) in promecefpluginhost.exe within Kingsoft WPS Office on Windows. It affects builds 12.2.0.13110 through 12.2.0.16412 (exclusive) and permits an attacker to load an arbitrary Windows library because the executable fails to correctly sanitize or restrict the search path for DLLs.
An unauthenticated local attacker can deliver a single-click exploit via a deceptive spreadsheet document. When the victim opens the file, the vulnerable host process loads attacker-controlled code, resulting in arbitrary code execution with full confidentiality, integrity Availability, and scope impacts as reflected in the CVSS 9.3 score.
WPS released an updated build on 22 April 2024 that corrects the path-handling logic. CISA added the CVE to its Known Exploited Vulnerabilities catalog, confirming that the flaw has been observed in active campaigns and directing organizations to apply the vendor patch.
The EPSS score rose from a low baseline to a peak of 0.1747 before settling at 0.1029, indicating measurable post-disclosure exploitation interest that aligns with its inclusion in the CISA catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-48209
Vulnerability details
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of…
more
a deceptive spreadsheet document
- CWE(s)
- KEV Date Added
- 03 September 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation of file paths supplied to promecefpluginhost.exe, blocking the CWE-22 path traversal that enables arbitrary library loads.
Mandates integrity verification of loaded libraries and executables, preventing the vulnerable WPS component from executing attacker-supplied DLLs.
Requires timely application of the vendor patch that corrects the path-handling flaw in versions 12.2.0.13110–12.2.0.16412.