CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Sep 24, 2024
High
CISA KEVCVE-2024-7262
Kingsoft—WPS Office
Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library.
Required Action
While CISA cannot confirm the effectiveness of patches at this time, it is recommended that mitigations be applied per vendor instructions if available. If these instructions cannot be located or if mitigations are unavailable, discontinue the use of the product.; https://nvd.nist.gov/vuln/detail/CVE-2024-7262
Vulnerability Overview
- Severity
- High
- CISA KEV
- Yes
- Ransomware
- Unknown
- Published
- Sep 3, 2024
- KEV Added
- Sep 3, 2024
- Due Date
- Sep 24, 2024
- Related Articles
- 0
Vendor
Kingsoft
WPS Office