Analysis of two arbitrary code execution vulnerabilities affecting WPS Office
Aug. 30, 2024, 6:08 p.m.
Description
ESET researchers discovered two code execution vulnerabilities in WPS Office for Windows. CVE-2024-7262 was exploited by APT-C-60, a South Korea-aligned cyberespionage group, to target East Asian countries. The vulnerability allowed arbitrary code execution via a malicious hyperlink in a spreadsheet document. CVE-2024-7263 was subsequently discovered during the analysis of the patch for the first vulnerability. Both flaws affected the plugin component promecefpluginhost.exe and could be triggered by a single click. The vulnerabilities impacted WPS Office versions from 12.2.0.13110 to 12.2.0.17119. Users are strongly advised to update to the latest version to mitigate these security risks.
Date
- Created: Aug. 30, 2024, 5:48 p.m.
- Published: Aug. 30, 2024, 5:48 p.m.
- Modified: Aug. 30, 2024, 6:08 p.m.
Indicators
Attack Patterns
- SpyGlace
- APT-C-60
- T1583.001
- T1608.001
- T1583.004
- T1587.004
- T1204.001
- T1203