Today > | 3 Medium | 2 Low vulnerabilities   -   You can now download lists of IOCs here!

Analysis of two arbitrary code execution vulnerabilities affecting WPS Office

Aug. 30, 2024, 6:08 p.m.

Description

ESET researchers discovered two code execution vulnerabilities in WPS Office for Windows. CVE-2024-7262 was exploited by APT-C-60, a South Korea-aligned cyberespionage group, to target East Asian countries. The vulnerability allowed arbitrary code execution via a malicious hyperlink in a spreadsheet document. CVE-2024-7263 was subsequently discovered during the analysis of the patch for the first vulnerability. Both flaws affected the plugin component promecefpluginhost.exe and could be triggered by a single click. The vulnerabilities impacted WPS Office versions from 12.2.0.13110 to 12.2.0.17119. Users are strongly advised to update to the latest version to mitigate these security risks.

Date

Published: Aug. 30, 2024, 5:48 p.m.

Created: Aug. 30, 2024, 5:48 p.m.

Modified: Aug. 30, 2024, 6:08 p.m.

Indicators

861911e953e6fd0a015b3a91a7528a388a535c83f4b9a5cf7366b8209d2f00c3

6174276f94219bc386bdc628ca18eaec261998b7bd03077562fe93c268b42446

162.222.214.48

131.153.206.231

rammenale.com

Attack Patterns

SpyGlace

APT-C-60

T1583.001

T1608.001

T1583.004

T1587.004

T1204.001

T1203

CVE-2924-7263

CVE-2024-7672

CVE-2022-24934

CVE-2024-7263

CVE-2024-7262