CVE-2024-7263: 
Kingsoft WPS Office vulnerability analysis and mitigation

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability emerged as a follow-up to CVE-2024-7262, where the patch released in version 12.1.0.17119 was not restrictive enough, leading to another parameter being improperly sanitized which enables the execution of arbitrary Windows libraries (NVD, CVE).

The vulnerability stems from insufficient validation of the CefPluginPathU8 parameter in the promecefpluginhost.exe component. When processing command line arguments, the application performs a case-sensitive check for parameter names, but subsequent processing uses case-insensitive comparison. This logic flaw allows attackers to bypass security checks by manipulating the case of parameter names. Additionally, while JSCefServicePath undergoes certificate validation, CefPluginPathU8 does not properly verify signatures when loading libraries, enabling the execution of arbitrary code (ESET Research). The vulnerability has been assigned a CVSS score of 9.3, indicating critical severity (Security Online).

The vulnerability affects over 200 million WPS Office users worldwide, particularly in the East Asia region. If exploited, it allows attackers to execute arbitrary code on the victim's system through malicious library loading, potentially leading to data theft, ransomware deployment, or further system compromise (Help Net Security).

Users are strongly advised to update their WPS Office installation to version 12.2.0.17115 or later, which contains the patch for this vulnerability. Kingsoft has addressed both CVE-2024-7262 and CVE-2024-7263 in their latest releases (WPS Update).