Analysis of two arbitrary code execution vulnerabilities affecting WPS Office
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
ESET researchers discovered two code execution vulnerabilities in WPS Office for Windows. CVE-2024-7262 was exploited by APT-C-60, a South Korea-aligned cyberespionage group, to target East Asian countries. The vulnerability allowed arbitrary code execution via a malicious hyperlink in a spreadsheet document. CVE-2024-7263 was subsequently discovered during the analysis of the patch for the first vulnerability. Both flaws affected the plugin component promecefpluginhost.exe and could be triggered by a single click. The vulnerabilities impacted WPS Office versions from 12.2.0.13110 to 12.2.0.17119. Users are strongly advised to update to the latest version to mitigate these security risks.
OPENCTI LABELS :
windows,vulnerability,plugin,wps office,taskcontroler.dll,hyperlink,spyglace,spreadsheet,cve-2024-7262,code execution,cve-2024-7263
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Analysis of two arbitrary code execution vulnerabilities affecting WPS Office