jvndb-2024-000098
Vulnerability from jvndb
Published
2024-09-06 15:07
Modified
2024-09-06 15:07
Severity
Summary
Multiple products from KINGSOFT JAPAN vulnerable to path traversal
Details
KINGSOFT JAPAN, INC. provides Kingsoft Office Software's WPS Office and its related products localized for Japan.<br />
WPS Office and its related products provided by KINGSOFT JAPAN, INC. contain a path traversal vulnerability (CWE-22, CVE-2024-7262, CVE-2024-7263)) due to inadequate file path validation by promecefpluginhost.exe.<br />
Note that, a report has been published describing that "WPS Office provided by Kingsoft Office Software is affected to this vulnerability and exploitation is observed".<br />
KINGSOFT JAPAN, INC. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and KINGSOFT JAPAN, INC. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000098.html",
"dc:date": "2024-09-06T15:07+09:00",
"dcterms:issued": "2024-09-06T15:07+09:00",
"dcterms:modified": "2024-09-06T15:07+09:00",
"description": "KINGSOFT JAPAN, INC. provides Kingsoft Office Software\u0026#39;s WPS Office and its related products localized for Japan.\u003cbr /\u003e\r\nWPS Office and its related products provided by KINGSOFT JAPAN, INC. contain a path traversal vulnerability (CWE-22, CVE-2024-7262, CVE-2024-7263)) due to inadequate file path validation by promecefpluginhost.exe.\u003cbr /\u003e\r\n\r\nNote that, a report has been published describing that \u0026quot;WPS Office\u0026nbsp;provided by Kingsoft Office Software is affected to this vulnerability and exploitation is observed\u0026quot;.\u003cbr /\u003e\r\n\r\nKINGSOFT JAPAN, INC. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and KINGSOFT JAPAN, INC. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000098.html",
"sec:cpe": [
{
"#text": "cpe:/a:kingsoft:pdf_pro",
"@product": "KINGSOFT PDF Pro",
"@vendor": "KINGSOFT, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/a:kingsoft:wps_cloud",
"@product": "WPS Cloud",
"@vendor": "KINGSOFT, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/a:kingsoft:wps_cloud_pro",
"@product": "WPS Cloud Pro",
"@vendor": "KINGSOFT, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/a:kingsoft:wps_office2_for_Windows",
"@product": "WPS Office2 for Windows",
"@vendor": "KINGSOFT, INC.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000098",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN32529796/index.html",
"@id": "JVN#32529796",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-7262",
"@id": "CVE-2024-7262",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-7263",
"@id": "CVE-2024-7263",
"@source": "CVE"
},
{
"#text": "https://www.welivesecurity.com/en/eset-research/analysis-of-two-arbitrary-code-execution-vulnerabilities-affecting-wps-office/",
"@id": "Analysis of two arbitrary code execution vulnerabilities affecting WPS Office",
"@source": "Related document"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "Multiple products from KINGSOFT JAPAN vulnerable to path traversal"
}
Loading...