Analysis of two arbitrary code execution vulnerabilities affecting WPS Office

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

ESET researchers discovered two code execution vulnerabilities in WPS Office for Windows. CVE-2024-7262 was exploited by APT-C-60, a South Korea-aligned cyberespionage group, to target East Asian countries. The vulnerability allowed arbitrary code execution via a malicious hyperlink in a spreadsheet document. CVE-2024-7263 was subsequently discovered during the analysis of the patch for the first vulnerability. Both flaws affected the plugin component promecefpluginhost.exe and could be triggered by a single click. The vulnerabilities impacted WPS Office versions from 12.2.0.13110 to 12.2.0.17119. Users are strongly advised to update to the latest version to mitigate these security risks.

OPENCTI LABELS:

windows, vulnerability, plugin, wps office, taskcontroler.dll, hyperlink, spyglace, spreadsheet, cve-2024-7262, code execution, cve-2024-7263

