The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
oryginał ENCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HKingsoft Wps Office
APPKingsoft10.8.0.6186
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
Powiązane podatności
CVE-2024-7262CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows
CVE-2024-7263CRITICAL9.3PL ✓ten sam produkt
Path traversal w Kingsoft WPS Office umożliwia ładowanie dowolnych bibliotek Windows
CVE-2023-31275HIGH8.8ten sam produkt
An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles...
CVE-2023-32548HIGH8.1ten sam produkt
OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can cond...
CVE-2022-26081HIGH7.8ten sam produkt
The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute ar...