CVE-2024-7262

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

mproper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document

References

Link	Resource
https://www.wps.com/whatsnew/pc/20240422/	Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7262	US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:kingsoft:wps_office:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

30 Oct 2025, 20:12

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7262 -~~	() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7262 - US Government Resource

21 Oct 2025, 23:16

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7262 -

21 Oct 2025, 20:20

Type	Values Removed	Values Added
References	~~{'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7262', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}~~

21 Oct 2025, 19:21

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7262 -

22 Aug 2024, 06:15

Type	Values Removed	Values Added
Summary	(en) Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.13489 (inclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document	(en) Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document

16 Aug 2024, 14:25

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-15 15:15

Updated : 2025-10-30 20:12

NVD link : CVE-2024-7262

Mitre link : CVE-2024-7262

CVE.ORG link : CVE-2024-7262

JSON object : View

Products Affected

kingsoft

wps_office

microsoft

windows

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

7.8 /10