CVE-2022-25969

EPSS 0.37%
Veröffentlicht 17.03.2022 18:15:09
Zuletzt bearbeitet 21.11.2024 06:53:16
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kingsoft ≫ Wps Office Version10.8.0.6186

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.577

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://jvn.jp/en/jp/JVN21234459/

Third Party Advisory

https://support.kingsoft.jp/support-info/weakness.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-25969

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-25969

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-25969

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-25969