PT-2025-2045 · Kingsoft · Kingsoft Wps Office

Rsec

Publicado

2025-01-08

Atualizado

2025-01-08

CVE-2024-13187

CVSS v2.0

4.3

Média

Vetor

AV:L/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Kingsoft WPS Office version 6.14.0

Description A critical issue was found in the TCC Handler component of Kingsoft WPS Office, allowing for code injection. The manipulation can lead to an attack on the local host. The issue has been publicly disclosed, and the vendor was contacted but did not respond.

Recommendations For Kingsoft WPS Office version 6.14.0, as a temporary workaround, consider disabling the TCC Handler component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-94

Identificadores relacionados

CVE-2024-13187

Produtos afetados

Kingsoft Wps Office

PT-2025-2045 · Kingsoft · Kingsoft Wps Office

CVE-2024-13187

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8