HIGH🇬🇧 English

CVE-2022-25969

CVSS 7.8v3.1pub. 2022-03-17upd. 2024-11-21

The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Kingsoft Wps Office

    APP
    Kingsoft
    10.8.0.6186
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2024-7262CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows

CVE-2024-7263CRITICAL9.3PL ✓ten sam produkt

Path traversal w Kingsoft WPS Office umożliwia ładowanie dowolnych bibliotek Windows

CVE-2023-31275HIGH8.8ten sam produkt

An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles...

CVE-2023-32548HIGH8.1ten sam produkt

OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can cond...

CVE-2022-26081HIGH7.8ten sam produkt

The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute ar...