WPS Office从路径穿越到远程代码执行漏洞(CVE-2024-7262)分析与复现 - 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
Tags
| attack-pattern: | Javascript - T1059.007 |
Common Information
| Type | Value |
|---|---|
| UUID | 20a5a1d1-05c9-4c45-aec5-ff468cf6be3e |
| Fingerprint | 6a1f7d9ff5ea93a6 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Oct. 8, 2024, 5:47 p.m. |
| Added to db | Oct. 8, 2024, 12:33 p.m. |
| Last updated | Nov. 17, 2024, 5:56 p.m. |
| Headline | WPS Office从路径穿越到远程代码执行漏洞(CVE-2024-7262)分析与复现 |
| Title | WPS Office从路径穿越到远程代码执行漏洞(CVE-2024-7262)分析与复现 - 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com |
| Detected Hints/Tags/Attributes | 6/1/17 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.4hou.com/posts/5MWx |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 268 | ✔ | 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com | https://www.4hou.com/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 32 | cve-2024-7262 |
|
| Details | Domain | 641 | nvd.nist.gov |
|
| Details | Domain | 3 | avd.aliyun.com |
|
| Details | File | 2 | office程序promecefpluginhost.exe |
|
| Details | File | 8 | wps.exe |
|
| Details | File | 2 | 将启动wps.exe |
|
| Details | File | 2 | 此时wps.exe |
|
| Details | File | 4 | wpscloudsvr.exe |
|
| Details | File | 2 | 中的qingbangong.dll |
|
| Details | File | 2 | 如果launchname参数指定的是promecefpluginhost.exe |
|
| Details | File | 2 | 将加载ksojscore.dll |
|
| Details | File | 2 | 因为下载后的文件名并没有.dll |
|
| Details | File | 2 | 而在加载的时候如果没有指定.dll |
|
| Details | File | 2 | 使用poc.py |
|
| Details | Url | 5 | https://nvd.nist.gov/vuln/detail/cve-2024-7262 |
|
| Details | Url | 3 | https://avd.aliyun.com/detail?id=avd |
|
| Details | Windows Registry Key | 1 | HKEY_CLASSES_ROOT\ksoqing\shell\open\command |