Insecure DLL Loading in WPS Presentation by KingSoft
CVE-2022-26511

7.8HIGH

Key Information:

Vendor: Kingsoft Japan, Inc.
Status: WPs Presentation
Vendor: CVE Published:; 17 March 2022

What is CVE-2022-26511?

WPS Presentation prior to version 11.8.0.5745 is susceptible to an insecure DLL loading vulnerability. This occurs when the application opens .pps files, leading to the loading of d3dx9_41.dll from the current directory without proper validation. This could potentially allow an attacker to execute arbitrary code, compromising user systems. Users are advised to update to the latest version to mitigate this risk.

Affected Version(s)

WPS Presentation Reported for Version 11.8.0.5745

References

https://support.kingsoft.jp/support-info/weakness.html

x_refsource_CONFIRM

https://jvn.jp/en/jp/JVN21234459/

third-party-advisoryx_refsource_JVN

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 17, 2022
Vulnerability Reserved
Mar 14, 2022

Kingsoft Japan, Inc.

What is CVE-2022-26511?

Affected Version(s)

References

CVSS V3.1

Timeline