CVE-2022-26081

EPSS 0.37%
Veröffentlicht 17.03.2022 18:15:09
Zuletzt bearbeitet 21.11.2024 06:53:23
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kingsoft ≫ Wps Office Version10.8.0.5745

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.577

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://jvn.jp/en/jp/JVN21234459/

Third Party Advisory

https://support.kingsoft.jp/support-info/weakness.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-26081

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-26081

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-26081

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-26081