CVE-2024-7262 is a critical vulnerability affecting Kingsoft WPS Office versions from 12.2.0.13110 to 12.2.0.16412. It stems from improper path validation in the promecefpluginhost.exe component, which an attacker can exploit to load an arbitrary Windows library. The attack vector is local, and the vulnerability carries a CVSS score of 9.3, underscoring its critical nature.
The risk to organizations includes potential unauthorized access to sensitive information, as this vulnerability can be weaponized as a single-click exploit through deceptive spreadsheet documents. Given the severity and exploitability of this vulnerability, organizations should prioritize patching immediately.
As of now, there are no known exploits publicly available for this vulnerability, which provides a window for organizations to address the issue through timely patching.
Organizations using affected versions of Kingsoft WPS Office should take immediate action to mitigate risks associated with this vulnerability, given the potential for significant impact.
Vulnerability Details
The vulnerability in Kingsoft WPS Office arises from improper path validation in promecefpluginhost.exe. This allows an attacker to load an arbitrary Windows library, which poses a significant threat to system integrity and confidentiality. The official CVSS score is 9.3, indicating a critical severity level.
The vulnerability was discovered on August 15, 2024, and has been classified under CWE-22. Organizations should ensure they are aware of this vulnerability and implement necessary updates.
Technical Analysis
The root cause of CVE-2024-7262 is improper path validation, which is exploited through local execution. Attackers can leverage this vulnerability with low attack complexity, requiring no privileges and only passive user interaction (such as opening a deceptive spreadsheet document).
The attack vector is local, as the vulnerability allows an attacker to execute malicious code on the same machine without needing elevated permissions. The impacts are severe, affecting confidentiality, integrity, and availability.
Risk & Impact Analysis
The real-world risk of CVE-2024-7262 is substantial, particularly for organizations relying on Kingsoft WPS Office for document processing. The potential for unauthorized library loading means sensitive data could be compromised.
The blast radius is significant as it could potentially affect all users of the affected versions of the software. Given its critical CVSS score, organizations must act swiftly, as failure to remediate could lead to severe operational disruptions.
Exploitation Status
| Signal | Status |
|---|---|
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | Yes |
| Ransomware Use | No |
Affected Versions
All versions of Kingsoft WPS Office from 12.2.0.13110 up to, but not including, 12.2.0.16412 are affected. Organizations should review their software version and apply necessary patches.
Mitigation & Remediation
To mitigate this vulnerability, organizations must apply the latest patches provided by Kingsoft. If patches are not available, organizations should consider discontinuing the use of the product until effective mitigations can be applied. For further guidance, refer to penetration testing services to evaluate potential vulnerabilities in your software.
Detection Guidance
Organizations should monitor logs for unusual access patterns or modifications to the promecefpluginhost.exe file. Behavioral anomalies, such as unexpected library loads, should also be tracked, as these may indicate attempts to exploit this vulnerability.
AppSecure Threat Intelligence Insight
The long-term significance of CVE-2024-7262 highlights the importance of robust path validation in software development. This vulnerability serves as a reminder for security teams to conduct regular code reviews and vulnerability assessments to prevent similar weaknesses.
Organizations are encouraged to enhance their security posture by adopting penetration testing methodologies and integrating continuous security practices into their development lifecycle.
Lastly, organizations should be vigilant about monitoring emerging threats related to vulnerabilities like this one by engaging in regular threat intelligence reviews and updating their security measures accordingly.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
