CVE-2022-25943

Published: Mar 9, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed.

Affected (1)

Products: Kingsoft: Wps Office

Kingsoft

1 product

Wps Office

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Kingsoft Wps Office	Before 11.2.0.10258

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (6)

https://github.com/HadiMed/KINGSOFT-WPS-Office-LPE

Source: vultures@jpcert.or.jp

ExploitThird Party Advisory

https://jvn.jp/en/vu/JVNVU90673830/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.wps.com/whatsnew/pc/20210806/

Source: vultures@jpcert.or.jp

Product

https://github.com/HadiMed/KINGSOFT-WPS-Office-LPE

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://jvn.jp/en/vu/JVNVU90673830/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.wps.com/whatsnew/pc/20210806/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.