PT-2024-6152 · Kingsoft · Kingsoft Wps Office

Romain Dumont · Published 2024-02-29 · Updated 2026-04-14 · CVE-2024-7262

CVSS v4.0: 9.3 (Critical)
Vector: AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:N/RE:L
Name of the Vulnerable Software and Affected Versions
Kingsoft WPS Office versions 12.2.0.13110 through 12.2.0.16412

Description
The issue stems from improper path validation in the promecefpluginhost.exe component of Kingsoft WPS Office, which allows an attacker to load arbitrary Windows libraries. The vulnerability has been exploited in the wild, with estimates suggesting that over 200 million users are at risk. Exploitation relies on a deceptive spreadsheet document that tricks the user into clicking a hidden hyperlink, which triggers code execution. The APT group APT-C-60 has been identified exploiting this vulnerability to deploy the SpyGlace backdoor against users in East Asian countries.

Recommendations
For Kingsoft WPS Office versions 12.2.0.13110 through 12.2.0.16412, update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the promecefpluginhost.exe component until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid opening untrusted spreadsheets, which may trigger the code execution vulnerability.
At the moment, no specific fixed version number has been published, but Kingsoft, the developer of WPS Office, has already released a patch for the vulnerability. Users are strongly recommended to update their software to the latest version and to exercise caution when opening files from unknown sources.

Fix

RCE

Path traversal

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2024-07071
CVE-2024-7262

Affected Products

Kingsoft Wps Office