Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2022-26081
CVE-2022-26081:
Kingsoft WPS Office vulnerability analysis and mitigation
Overview
The vulnerability (CVE-2022-26081) affects the installer of WPS Office Version 10.8.0.5745. The issue was discovered and disclosed in March 2022, specifically related to insecure loading of shcore.dll during the installation process (JVN Report).
Technical details
The vulnerability is classified as an insecure DLL loading issue (CWE-427). When the WPS Install Application (wps.1.9.exe) is executed, it insecurely loads shcore.dll from the same directory. The vulnerability has a CVSS v3 Base Score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) (JVN Report).
Impact
When exploited, this vulnerability allows arbitrary code execution with the privilege level of the user invoking the installer. This means an attacker could potentially execute malicious code during the installation process (JVN Report).
Mitigation and workarounds
KINGSOFT has addressed this vulnerability in WPS Office2 for Windows version 11.82.8498 or later versions, released in May 2020. Users of affected versions are recommended to upgrade to the latest version of the software (Kingsoft Support).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management