cbcvebase.
CVE-2022-24934
published 2022-03-23

CVE-2022-24934: wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry.

PriorityP184critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
20.47%
97.2th percentile
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry.

Affected

1 ranges
VendorProductVersion rangeFixed in
wpswps_office<= 11.2.0.10382

Detection & IOCsextracted from sources · hover to see the quote

processwpsupdater.exe
  • Monitor wpsupdater.exe for unexpected registry modifications to HKEY_CURRENT_USER, which may indicate exploitation of CVE-2022-24934 leading to remote code execution.
  • ·Affected version range is Kingsoft WPS Office through 11.2.0.10382; versions beyond this may be patched.
  • ·The threat actor behind Operation Dragon Castling exploiting this CVE was not yet linked to a known group at time of reporting.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.