- Description
- Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document
- Source
- security@eset.com
- NVD status
- Analyzed
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:L/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Kingsoft WPS Office Path Traversal Vulnerability
- Exploit added on
- Sep 3, 2024
- Exploit action due
- Sep 24, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
APT-C-60 strikes again – this time with a targeted attack exploiting the WPS Office vulnerability (CVE-2024-7262) to deploy the SpyGlace backdoor. Read more about how this advanced attack works: https://t.co/pgjvnicEL6
@ExposinKingfish
1 Dec 2024
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
APT-C-60 Actively Exploiting WPS Office Vulnerability CVE-2024-7262 to Deploy SpyGlace Backdoor https://t.co/pT3bbZ6WAe
@vault33org
27 Nov 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
APT-C-60 strikes again – this time with a targeted attack exploiting the WPS Office #vulnerability (CVE-2024-7262) to deploy the SpyGlace backdoor. Read more about how this advanced attack works: https://t.co/28kPqCCqbS #cybersecurity #infosecurity
@ShahriyarGourgi
27 Nov 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
APT-C-60 strikes again – this time with a targeted attack exploiting the WPS Office #vulnerability (CVE-2024-7262) to deploy the SpyGlace backdoor. Read more about how this advanced attack works: https://t.co/WjyK2dKbmd #cybersecurity #infosec
@TheHackersNews
27 Nov 2024
580 Impressions
2 Retweets
6 Likes
2 Bookmarks
0 Replies
0 Quotes
APT-C-60 SpyGlace Backdoor CVE-2024-7262 Initial analysis findings: - base64 encoded image file is the initial payload which tricks victim to click on the image which seems like a spreadsheet then proceeds with downloading dropper malware. https://t.co/M1WX9DGLH1 https://t.co/K
@0x251e
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kingsoft:wps_office:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0D31BAD7-C75A-4809-ABD7-760B4C5FD8D3",
"versionEndExcluding": "12.2.0.16412",
"versionStartIncluding": "12.2.0.13110"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]