CVE-2024-7262

Known Exploited Vulnerability Entry External Catalog

Back to Catalog View Vulnerability
Entry Details

CVE-2024-7262

Confirmed

Yes

2024-09-03 00:00 UTC

Timestamps

2024-09-03

2024-09-03

Scope

KEV entry: Kingsoft WPS Office Path Traversal Vulnerability | Affected: Kingsoft / WPS Office | Description: Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-09-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): While CISA cannot confirm the effectiveness of patches at this time, it is recommended that mitigations be applied per vendor instructions if available. If these instructions cannot be located or if mitigations are unavailable, discontinue the use of the product.; https://nvd.nist.gov/vuln/detail/CVE-2024-7262

References
  • {'id': 'CVE-2024-7262', 'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-7262'}

50cb42f5-7f6a-48d9-8216-fdf08b84a33e

405284c2-e461-4670-8979-7fd2c9755a60

2026-02-02 13:24 UTC

2026-02-06 07:53 UTC

Evidence (1)
Type Source Signal Confidence Details GCVE Metadata
vendor_report cisa-kev successful_exploitation 0.80
View details 
{
  "cwes": [
    "CWE-22"
  ],
  "date_added": "2024-09-03",
  "due_date": "2024-09-24",
  "feed": "CISA Known Exploited Vulnerabilities Catalog",
  "knownRansomwareCampaignUse": "Unknown",
  "product": "WPS Office",
  "vendorProject": "Kingsoft",
  "vulnerabilityName": "Kingsoft WPS Office Path Traversal Vulnerability"
}
 -
Export Options
JSON Object JSON API View Full Catalog