Improper Digital Signature Verification in Kingsoft WPS Office
CVE-2024-11957

9.3CRITICAL

Key Information:

Vendor: Kingsoft
Status: WPs Office
Vendor: CVE Published:; 4 March 2025

Badges

👾 Exploit Exists

What is CVE-2024-11957?

A flaw in the ksojscore.dll component of Kingsoft WPS Office introduces a vulnerability due to improper verification of digital signatures. This weakness, present in versions up to and including 12.1.0.18276 on Windows, permits attackers to load arbitrary Windows libraries, potentially leading to unauthorized code execution. Although a patch was released in version 12.2.0.16909 to address related vulnerabilities, the measures implemented were not sufficiently rigorous, leaving systems vulnerable to exploitation.

Affected Version(s)

WPS Office Windows 12.2.0.16909 < 12.1.0.18276

References

https://www.welivesecurity.com/en/eset-research/analysis-...

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Mar 4, 2025
Vulnerability published
Mar 4, 2025
Vulnerability Reserved
Nov 28, 2024