漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Arbitrary Code Execution in WPS Office
Vulnerability Description
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Kingsoft WPS Office 安全漏洞
Vulnerability Description
Kingsoft WPS Office是中国金山软件(Kingsoft)公司的一种办公软件。提供文件处理功能。 Kingsoft WPS Office 12.2.0.13110版本至12.2.0.13489版本存在安全漏洞,该漏洞源于promecefpluginhost.exe路径验证不当。攻击者利用该漏洞可以加载任意Windows库。
CVSS Information
N/A
Vulnerability Type
N/A