CVE-2022-26081

Summary

The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.

Affected Software

VendorProductVersion RangeStatus
KINGSOFT JAPAN, INC.The installer of WPS OfficeReported for Version 10.8.0.5745affected

Weaknesses

  • CWE-427: CWE-427: insecurely loading Dynamic Link Libraries

ADP Enrichment

CVE Program Container

Additional References

References