CVERadar

CVE-2024-7262

Critical Severity
Kingsoft
SVRS: 70/100
CVSSv3: 7.8/10
EPSS: 0.20166/1

CVE-2024-7262 is a critical vulnerability in Kingsoft WPS Office that allows attackers to load arbitrary Windows libraries. The vulnerability exists in promecefpluginhost.exe in WPS Office versions 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows due to improper path validation. This vulnerability has a SOCRadar Vulnerability Risk Score (SVRS) of 70, indicating a significant risk. It has been actively exploited in the wild using a single-click exploit delivered through a deceptive spreadsheet. Successful exploitation of CVE-2024-7262 could allow an attacker to execute arbitrary code, potentially leading to system compromise, data theft, or denial of service. Given the active exploitation and the availability of a single-click exploit, organizations using affected versions of WPS Office should apply mitigations immediately. This vulnerability is significant because of its ease of exploitation and potential for widespread impact.

In The Wild
Exploit Available
CISA KEV
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2024-08-15

2024-09-05
SOCRadar AI Insight

Description

CVE-2024-7262 is a critical vulnerability in Kingsoft WPS Office that allows an attacker to load an arbitrary Windows library, leading to potential system compromise. The SVRS of 50 indicates a moderate level of risk, highlighting the need for prompt attention.

Key Insights

  • Exploitation in the Wild: The vulnerability is actively exploited by hackers, making it a high-priority threat.
  • Single-Click Exploit: The vulnerability can be exploited through a deceptive spreadsheet document, making it easy for attackers to target unsuspecting users.
  • System Compromise: Successful exploitation could allow attackers to execute arbitrary code, gain system privileges, and compromise sensitive data.

Mitigation Strategies

  • Update Software: Install the latest security updates from Kingsoft to patch the vulnerability.
  • Disable Macros: Disable macros in Microsoft Office applications to prevent the execution of malicious code.
  • Use Antivirus Software: Employ robust antivirus software to detect and block malicious files.
  • Educate Users: Train users to be cautious of suspicious emails and attachments, especially those containing spreadsheets.


Indicators of Compromise


Exploits

Title | Software Link | Date
Kingsoft WPS Office Path Traversal Vulnerability | https://www.cisa.gov/search?g=CVE-2024-7262 | 2024-09-03

News

Analysis of two arbitrary code execution vulnerabilities affecting WPS Office
2025-04-01
Analysis of two arbitrary code execution vulnerabilities affecting WPS Office | Demystifying CVE-2024-7262 and CVE-2024-7263
welivesecurity.com
1.815
2025-02-06
1.815 | Newly Added (13): Microsoft .NET Framework CVE-2024-29059 Information Disclosure Vulnerability; Paessler PRTG Network Monitor CVE-2018-9276 OS Command Injection Vulnerability; Paessler PRTG Network Monitor CVE-2018-19410 Authentication Bypass Vulnerability
fortiguard.com
APT-C-60 Exploits WPS Office Vulnerability to Deploy SpyGlace Backdoor
Ajit Jasrotia, 2024-11-27
APT-C-60 Exploits WPS Office Vulnerability to Deploy SpyGlace Backdoor | The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. That’s according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google Drive, Bitbucket, and StatCounter. The attack was carried out around […] The post APT-C-60 Exploits WPS Office Vulnerability to Deploy SpyGlace
allhackernews.com
Predator spyware updated with dangerous new features, also now harder to track - The Register
2024-09-09
Predator spyware updated with dangerous new features, also now harder to track - The Register | URL: https://www.theregister.com/2024/09/09/predator_spyware_trump_crypto/ | Description: Predator spyware updated with dangerous new features, also now harder to track Plus: Trump family X accounts hijacked to promote crypto scam; Fog ransomware spreads; Hijacked PyPI packages; and more Infosec in brief After activating its chameleon field and going to ground following press attention earlier this year, the dangerous Predator commercial spyware kit is back – with upgrades. Insikt Group, the threat research arm of cyber security firm Recorded Future, reported last week that new Predator infrastructure has popped up in
google.com
APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor - The Hacker News
2024-08-28
APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor - The Hacker News | News Content: A South Korea-aligned cyber espionage has been linked to the zero-day exploitation of a now-patched critical remote code execution flaw in Kingsoft WPS Office to deploy a bespoke backdoor dubbed SpyGlace. The activity has been attributed to a threat actor dubbed APT-C-60, according to cybersecurity firms ESET and DBAPPSecurity. The attacks have been found to infect Chinese and East Asian users with malware. The security flaw in question is CVE-2024-7262 (CVSS score: 9.3), which stems from
google.com
Daily Summary - 03.09.2024
CERT.at, 2024-11-01
Daily Summary - 03.09.2024 | End-of-Day report Timeframe: Monday 02-09-2024 18:00 - Tuesday 03-09-2024 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a News D-Link says it is not fixing four RCE flaws in DIR-846W routers D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported. [..] The researcher published the information on August 27, 2024
cert.at
Data Breaches Digest - Week 35 2024
Dunkie ([email protected]), 2024-11-01
Data Breaches Digest - Week 35 2024 | Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 26th August and 1st September 2024. 1st September
dbdigest.com

Social Media

🚨APT-C-60 Targets Japan with Job-Themed SpyGlace Malware Attack CVE-2024-7262 exploited in August 2024. Delivered SpyGlace via a VHDX file with decoy documents using Google Drive Be cautious of unexpected job application emails. #CyberSecurity #APT #SpyGlace #Malware #ThreatIntel

APT-C-60 SpyGlace Backdoor CVE-2024-7262 Initial analysis findings: - base64 encoded image file is the initial payload which tricks victim to click on the image which seems like a spreadsheet then proceeds with downloading dropper malware. https://t.co/M1WX9DGLH1 https://t.co/K89DsfPsUS

Latest Known Exploited Vulnerabilities (#KEV) #CVE : CVE-2024-7262 #Kingsoft WPS Office Path Traversal Vulnerability https://t.co/ny02ftEe8y

🚨 South Korean 🇰🇷 Hackers Exploit #WPS Office Zero-Day Vulnerability in Large-Scale Espionage Campaign ESET security researchers recently uncovered that the South Korean cyber espionage group, APT-C-60, is exploiting a zero-day vulnerability (CVE-2024-7262) in the Windows https://t.co/ZUqU8fi9wV

@ESET re: https://t.co/4K0EXt40ZA You use CVE-2024-7672 in the timeline instead of CVE-2024-7262

🚨BREAKING: WPS Office hit by cyber ninjas! 🥷💻 Two code execution bugs (CVE-2024-7262 & CVE-2024-7263) exploited to unleash digital chaos. Update now or risk becoming a spreadsheet samurai's next target! 📊⚔️ #CyberSecurity #WTF https://t.co/zp0uNkJQ5M

APT-C-60 weaponized a code execution vulnerability in WPS Office for Windows (CVE-2024-7262) in order to target East Asian countries. https://t.co/qV7O6BwGKC

A South Korea-aligned cyber espionage group, #APT-C-60, has exploited a critical flaw in Kingsoft WPS Office to deploy the #SpyGlace backdoor. https://t.co/TkTbXNQRnI Ensure your security teams are updated on CVE-2024-7262 and CVE-2024-7263. #CyberSecurity #Hacking

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262): ESET researchers discovered a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262). APT-C-60, a South Korea-aligned cyberespionage group, was exploiting… https://t.co/mSmRwUe9fU https://t.co/1QlXGO3n8a

APT group exploits #WPS Office for Windows RCE #vulnerability (#CVE-2024-7262) https://t.co/kimsgm36j7

Affected Software

Configuration 1
Type | Vendor | Product
App | Kingsoft | wps_office

References

Reference | Link
[email protected] | https://www.wps.com/whatsnew/pc/20240422/

CWE Details

CWE ID | CWE Name | Description
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
