Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in versions equal or less than 12.1.0.18276
 on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not restrictive enough.
                
            Metrics
Affected Vendors & Products
References
        History
                    Tue, 04 Mar 2025 16:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc 
 | 
Tue, 04 Mar 2025 16:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in versions equal or less than 12.1.0.18276 on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not restrictive enough. | |
| Title | Arbitrary Code Execution in WPS Office | |
| Weaknesses | CWE-347 | |
| References |  | |
| Metrics | cvssV4_0 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: ESET
Published: 2025-03-04T15:41:00.514Z
Updated: 2025-03-05T08:05:18.805Z
Reserved: 2024-11-28T07:42:29.586Z
Link: CVE-2024-11957
 Vulnrichment
                        Vulnrichment
                    Updated: 2025-03-04T16:07:15.524Z
 NVD
                        NVD
                    Status : Received
Published: 2025-03-04T16:15:34.927
Modified: 2025-03-04T16:15:34.927
Link: CVE-2024-11957
 Redhat
                        Redhat
                    No data.
 ReportizFlow
ReportizFlow