CVE-2022-25969 Vulnerability Details

  /     /     /  

CVE-2022-25969 Metadata Quick Info

CVE Published: 17/03/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: jpcert | Vendor: KINGSOFT JAPAN, INC. | Product: The installer of WPS Office
Status : PUBLISHED

---

CVE-2022-25969 Description

The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-427
CWE Name: CWE-427: insecurely loading Dynamic Link Libraries
Source: KINGSOFT JAPAN, INC.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).