cbcvebase.
CVE-2022-25969
published 2022-03-17

CVE-2022-25969: The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the…

PriorityP336high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
0.78%
51.1th percentile
The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.

Affected

2 ranges
VendorProductVersion rangeFixed in
kingsoftwps_office
kingsoft_japan_incthe_installer_of_wps_office

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.