两个影响WPS Office的任意代码执行漏洞分析
Tags
Show in Graph
Common Information
Type Value
UUID 4750aaf5-cc72-4727-bb23-cc7b2fd873c1
Fingerprint 5a637e6cea8e0df7
Analysis status DONE
Considered CTI value 2
Text language
Published June 20, 2024, midnight
Added to db Sept. 17, 2024, 10:10 a.m.
Last updated Nov. 17, 2024, 5:50 p.m.
Headline 两个影响WPS Office的任意代码执行漏洞分析
Title 两个影响WPS Office的任意代码执行漏洞分析
Detected Hints/Tags/Attributes 5/0/26
Source URLs
Redirection Url
Details Source https://cn-sec.com/archives/3176057.html
URL Provider
Details Provider Source level domain
Details cn-sec.com cn-sec.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 483 CN-SEC 中文网 https://cn-sec.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 4 
cve-2924-7263
Details CVE 32 
cve-2024-7262
Details CVE 17 
cve-2024-7263
Details File 2 
office插件组件promecefpluginhost.exe
Details File 3 
et.exe
Details File 8 
wps.exe
Details File 1 
将加载qingbangong.dll
Details File 18 
promecefpluginhost.exe
Details File 1 
在本例中为promecefpluginhost.exe
Details File 1 
被传递给promecefpluginhost.exe
Details File 1 
便会加载ksojscore.dll
Details File 5 
dll1.dll
Details File 1 
当promecefpluginhost.exe
Details File 1 
可以防止该函数追加.dll
Details File 1 
第一次检查发生在promecefpluginhost.exe
Details File 1 
其中jscefservice.dll
Details File 1 
exe随后加载ksojscore.dll
Details File 1 
当这样的命令行传递给ksojscore.dll
Details File 1 
加载库jscefservice.dll
Details File 1 
并使用cefpluginpathu8提供的文件路径连接字符串libcef.dll
Details File 2 
jscefservice.dll
Details File 1 
将尝试加载存储在该变量给出的攻击者控制的文件路径下的libcef.dll
Details File 1 
此漏洞的主要约束是附加到文件路径的字符串libcef.dll
Details File 1 
图18所示的屏幕截图说明了如何使用网络路径劫持promecefpluginhost.exe
Details sha1 3 
08906644b0ef1ee6478c45a6e0dd28533a9efc29
Details Url 2 
http://localhost/dll1.dll