CVERadar

CVE-2024-7263

Critical Severity
Kingsoft
SVRS: 75/100
CVSSv3: 7.8/10
EPSS: 0.00044/1

CVE-2024-7263 allows attackers to load arbitrary Windows libraries in Kingsoft WPS Office. This vulnerability arises from improper path validation in promecefpluginhost.exe, affecting versions 12.2.0.13110 to 12.2.0.17115 on Windows. The patch for CVE-2024-7262 was insufficient, failing to properly sanitize another parameter, leading to arbitrary code execution. With an SVRS of 75, this vulnerability requires close monitoring and mitigation. Exploitation could lead to system compromise and data breaches. Though not critical according to SVRS, the “In The Wild” tag suggests active exploitation. Addressing this vulnerability by updating to a patched version of WPS Office is essential to prevent potential attacks and maintain system security. This flaw underscores the importance of thorough security checks and robust validation mechanisms to protect against such threats.

In The Wild
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2024-08-15

2025-04-24
SOCRadar
AI Insight

Description

CVE-2024-7263 is a critical vulnerability in Kingsoft WPS Office that allows an attacker to load an arbitrary Windows library. The vulnerability is due to improper path validation in promecefpluginhost.exe. The patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not restrictive enough: another parameter was not properly sanitized, which leads to the execution of an arbitrary Windows library.

Key Insights

  • The SVRS for CVE-2024-7263 is 30, indicating a moderate level of severity.
  • This vulnerability is actively exploited in the wild.
  • The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.
  • Threat actors or APT groups are not known to be actively exploiting this vulnerability.

Mitigation Strategies

  • Update Kingsoft WPS Office to version 12.2.0.17153 or later.
  • Disable the promecefpluginhost.exe process.
  • Block access to the affected ports.
  • Implement a web application firewall (WAF) to block malicious requests.

Indicators of Compromise


Exploits

No exploits found for this CVE

News

Analysis of two arbitrary code execution vulnerabilities affecting WPS Office
2025-04-01
Demystifying CVE-2024-7262 and CVE-2024-7263
welivesecurity.com

APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor - The Hacker News
2024-08-28
A South Korea-aligned cyber espionage has been linked to the zero-day exploitation of a now-patched critical remote code execution flaw in Kingsoft WPS Office to deploy a bespoke backdoor dubbed SpyGlace. The activity has been attributed to a threat actor dubbed APT-C-60, according to cybersecurity firms ESET and DBAPPSecurity. The attacks have been found to infect Chinese and East Asian users with malware. The security flaw in question is CVE-2024-7262 (CVSS score: 9.3), which stems from
google.com

WPS Office Zero-Day Exploited by South Korea-Linked Cyberspies - SecurityWeek
2024-08-28
A WPS Office zero-day vulnerability tracked as CVE-2024-7262 was exploited by South Korean hacker group APT-C-60. A zero-day vulnerability in WPS Office has been exploited by a hacker group linked to South Korea to deliver malware, according to cybersecurity firm ESET. The threat actor is tracked as APT-C-60 and the zero-day is identified as CVE-2024-7262. ESET has described APT-C-60 as a “South Korea-aligned cyberespionage group”. The exploit, which
google.com

South Korean hackers exploited WPS Office zero-day to deploy malware - BleepingComputer
2024-08-28
By Bill Toulas, 06:50 PM. The South Korea-aligned cyberespionage group APT-C-60 has been leveraging a zero-day code execution vulnerability in the Windows version of WPS Office to install the SpyGlace backdoor on East Asian targets. WPS Office is a productivity suite developed by the Chinese firm Kingsoft that is popular in Asia. Reportedly, it has over 500 million active users worldwide. The zero-day flaw, tracked as CVE-2024-7262, has been leveraged in attacks in the wild since at least
google.com

South Korean Hackers Exploit Two Zero-Day Flaws In WPS Office - Techworm
2024-08-29
Cybersecurity firm ESET Research discovered two critical zero-day vulnerabilities in WPS Office for Windows, which were exploited by a South Korea-aligned cyberespionage group, APT-C-60, to deliver malware to users in China. Developed by Zhuhai-based Chinese software firm Kingsoft, WPS Office is a popular office productivity suite, especially in East Asian regions. It has more than 500 million active users worldwide. ESET Research discovered the first critical zero-day, identified as CVE-2024-7262 (CVSS score: 9.3), during an investigation into APT
google.com

WPS Office Zero-Day Exploited by South Korean Spies - CIO News
2024-08-30
ESET reports that a new cyber-espionage campaign linked to a South Korean APT was started by installing a customized backdoor through a special remote code execution (RCE) vulnerability in WPS Office for Windows. According to ESET, a new cyber-espionage campaign associated with a South Korean APT was launched using a unique remote code execution (RCE) vulnerability in WPS Office for Windows to install a customized backdoor. The campaign, traced to the Seoul-aligned APT-C-60 group, was designed to target victims in East Asia
google.com

Arbitrary Code Execution Vulnerabilities Affecting WPS Office - Technical Analysis - CybersecurityNews
2024-09-03
By Dhivya. WPS Office, a popular office suite with over 500 million active users worldwide, has recently found critical vulnerabilities that allow arbitrary code execution. These vulnerabilities, identified as CVE-2024-7262 and CVE-2024-7263, were discovered by ESET researchers during an investigation into the activities of APT-C-60, a South Korea-aligned cyberespionage group. This guide provides a
google.com

Social Media

🚨BREAKING: WPS Office hit by cyber ninjas! 🥷💻 Two code execution bugs (CVE-2024-7262 & CVE-2024-7263) exploited to unleash digital chaos. Update now or risk becoming a spreadsheet samurai's next target! 📊⚔️ #CyberSecurity #WTF https://t.co/zp0uNkJQ5M
A South Korea-aligned cyber espionage group, #APT-C-60, has exploited a critical flaw in Kingsoft WPS Office to deploy the #SpyGlace backdoor. https://t.co/TkTbXNQRnI Ensure your security teams are updated on CVE-2024-7262 and CVE-2024-7263. #CyberSecurity #Hacking
WPS Office has a flaw that executes arbitrary Windows libraries 🚨 The vulnerabilities are numbered CVE-2024-7262 and CVE-2024-7263. WPS Office is also an annual repertoire. #WPSOFFICE https://t.co/Messbrulsa
🚨 Critical path traversal vuln in Kingsoft WPS Office <= 12.2.0.13489 on Windows (CVE-2024-7263). Attacker can compromise system via promecefpluginhost.exe. Patch now to prevent exploitation! #CyberSecurity #Vulnerability
[CVE-2024-7263: CRITICAL] Vulnerability in Kingsoft WPS Office allows loading of arbitrary Windows library. Patch in version 12.2.0.16909 still vulnerable, enabling attackers to exploit CVE-2024-7262. #cybersecurity, #vulnerability https://t.co/7ejxFwBZPH https://t.co/xPYd6Sa7qZ

Affected Software

Configuration 1
Type: App
Vendor: Kingsoft
Product: wps_office

References

https://www.wps.com/whatsnew/pc/20240422/

CWE Details

CWE ID: CWE-22
CWE Name: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
