Analysis of two arbitrary code execution vulnerabilities affecting WPS Office

Aug. 30, 2024, 6:08 p.m.

Description

ESET researchers discovered two code execution vulnerabilities in WPS Office for Windows. CVE-2024-7262 was exploited by APT-C-60, a South Korea-aligned cyberespionage group, to target East Asian countries. The vulnerability allowed arbitrary code execution via a malicious hyperlink in a spreadsheet document. CVE-2024-7263 was subsequently discovered during the analysis of the patch for the first vulnerability. Both flaws affected the plugin component promecefpluginhost.exe and could be triggered by a single click. The vulnerabilities impacted WPS Office versions from 12.2.0.13110 to 12.2.0.17119. Users are strongly advised to update to the latest version to mitigate these security risks.

Date

Published: Aug. 30, 2024, 5:48 p.m.
Created: Aug. 30, 2024, 5:48 p.m.
Modified: Aug. 30, 2024, 6:08 p.m.

Indicators

861911e953e6fd0a015b3a91a7528a388a535c83f4b9a5cf7366b8209d2f00c3

6174276f94219bc386bdc628ca18eaec261998b7bd03077562fe93c268b42446

162.222.214.48

131.153.206.231

Attack Patterns

SpyGlace

APT-C-60

T1583.001

T1608.001

T1583.004

T1587.004

T1204.001

T1203

CVE-2924-7263

CVE-2024-7672

CVE-2022-24934

CVE-2024-7263

CVE-2024-7262