CISA Known Exploited Vulnerability

CVE-2024-7262

Kingsoft · WPS Office

Kingsoft WPS Office Path Traversal Vulnerability

Date added 2024-09-03

BOD 22-01 due date 2024-09-24

CWE CWE-22

Ransomware Unknown

CISA description

Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library.

Required action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes & references

While CISA cannot confirm the effectiveness of patches at this time, it is recommended that mitigations be applied per vendor instructions if available. If these instructions cannot be located or if mitigations are unavailable, discontinue the use of the product.
https://nvd.nist.gov/vuln/detail/CVE-2024-7262

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

RA-5 · Vulnerability Monitoring and Scanning
SI-2 · Flaw Remediation
CM-6 · Configuration Settings
SI-7 · Software, Firmware, and Information Integrity
CM-8 · System Component Inventory

External lookups

NVD · CVE-2024-7262
CVE.org · CVE-2024-7262
CISA KEV catalog (canonical)