cvedb.io
CVE-2024-7263
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2024-08-15T15:15:22.453 · Last modified 2026-06-17T08:19:43.757

Summary

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library.

Affected products

kingsoft — wps_office

Does this affect you?

Add your gear to cvedb and we'll alert you only when kingsoft ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.