HIGH🇵🇱 Wersja polska

CVE-2022-25969

CVSS 7.8v3.1pub. 2022-03-17upd. 2024-11-21

The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Kingsoft Wps Office

    APP
    Kingsoft
    10.8.0.6186
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2024-7262CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows

CVE-2024-7263CRITICAL9.3PL ✓ten sam produkt

Path traversal w Kingsoft WPS Office umożliwia ładowanie dowolnych bibliotek Windows

CVE-2023-31275HIGH8.8ten sam produkt

An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles...

CVE-2023-32548HIGH8.1ten sam produkt

OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can cond...

CVE-2022-26081HIGH7.8ten sam produkt

The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute ar...