RCE in Kingsoft WPS Office
CVE-2024-13187
A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component TCC Handler. The manipulation leads to code injection. It is po…
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.001 (20.7th percentile)
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.
Affected products
- Kingsoft WPS Office — version 6.14.0
Weakness classification (CWE)
References
- VDB-290779 | Kingsoft WPS Office TCC code injection (vdb-entry)
- VDB-290779 | CTI Indicators (IOB, IOC, TTP) (signature, permissions-required)
- Submit #468013 | https://www.wps.com/ WPS Mac 6.14.0 Privilege Defined With Unsafe Actions (third-party-advisory)
- github.com/Rsec-1/wps (exploit)
Frequently asked questions
- What is CVE-2024-13187?
- CVE-2024-13187 is a medium-severity vulnerability in Kingsoft WPS Office, classified under Code Injection. CVSS score: 5.3/10. Published 2025-01-08.
- How severe is CVE-2024-13187?
- Medium severity. CVSS v3 base score is 5.3 out of 10.