CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Sep 24, 2024
Description
Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library.
EPSS — Exploit Probability
Higher than 94.7% of all CVEs
Required Action
While CISA cannot confirm the effectiveness of patches at this time, it is recommended that mitigations be applied per vendor instructions if available. If these instructions cannot be located or if mitigations are unavailable, discontinue the use of the product.; https://nvd.nist.gov/vuln/detail/CVE-2024-7262
Risk Assessment
ELEVATEDDetails
- Severity
- High
- EPSS
- 15.9%
- CISA KEV
- Yes
- Ransomware
- Unknown
- Articles
- 0
Timeline
Published
Sep 3, 2024
Added to KEV
Sep 3, 2024
Remediation Due
Sep 24, 2024