Code Injection Vulnerability in Kingsoft WPS Office for macOS
CVE-2024-13187

Currently unrated

Key Information:

Vendor

Kingsoft

Vendor
CVE Published:
8 January 2025

What is CVE-2024-13187?

A code injection vulnerability exists in Kingsoft WPS Office 6.14.0 for macOS, specifically affecting an unknown functionality within the TCC Handler component. This flaw allows local attackers to exploit the vulnerability to execute arbitrary code through manipulated inputs. Despite the potential severity, the vendor has yet to respond to notifications regarding this security issue, making it crucial for users of this software version to take immediate precautions.

References

https://github.com/Rsec-1/wps
https://github.com/Rsec-1/wps
https://vuldb.com/?ctiid.290779

Timeline

  • Vulnerability published

.
CVE-2024-13187 : Code Injection Vulnerability in Kingsoft WPS Office for macOS