CVE-2024-11957

Vulnerability Description

Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in versions equal or less than 12.1.0.18276 on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not restrictive enough.

Related Weaknesses (CWE)

CWE-347

References

https://www.welivesecurity.com/en/eset-research/analysis-of-two-arbitrary-code-e

FAQ

What is CVE-2024-11957?

CVE-2024-11957 is a documented vulnerability. Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in versions equal or less than 12.1.0.18276 on Windows allows an attacker to load an arbitrary Windows library....

How severe is CVE-2024-11957?

CVSS scoring is not yet available for CVE-2024-11957. Check NVD for updates.

Is there a patch for CVE-2024-11957?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.