Kingsoft WPS Office Arbitrary Code Execution Vulnerability in ksojscore.dll

Vulnerability

A vulnerability allowing arbitrary code execution has been identified in Kingsoft WPS Office for Windows, in versions 12.1.0.18276 and prior. The issue arises from improper verification of digital signatures in the ksojscore.dll file, which enables an attacker to load malicious Windows libraries. This vulnerability was exploited by the APT-C-60 cyberespionage group, targeting users in East Asian countries.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Reproduction

The vulnerability can be reproduced by creating a malicious spreadsheet document that includes a hidden hyperlink. This hyperlink, when clicked, triggers the execution of an arbitrary library by exploiting the WPS Office custom protocol handler. The malicious library is downloaded and executed, leading to code execution on the system.
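A triage check for the hyperlink vector described above, as an added example that is not part of the original advisory or any vendor tooling: it lists external hyperlinks in a spreadsheet whose URI scheme is not on an allowlist, so links that hand off to a custom protocol handler stand out. It assumes an OOXML (.xlsx) container and an allowlist of http, https and mailto; the sample file and the `example-handler` scheme are constructed placeholders, since the advisory does not name the handler.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files at scale, consider defusedxml
from urllib.parse import urlsplit

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
HYPERLINK_TYPE = ("http://schemas.openxmlformats.org/officeDocument/"
                  "2006/relationships/hyperlink")
# Assumption: the only schemes a spreadsheet link legitimately needs here.
ALLOWED_SCHEMES = {"http", "https", "mailto"}


def suspicious_hyperlinks(xlsx_bytes, allowed=ALLOWED_SCHEMES):
    """Return (part, scheme, target) for external links outside the allowlist.

    An empty scheme means a relative or UNC path, which is also reported.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue  # hyperlink targets live in relationship parts
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(REL_NS + "Relationship"):
                if rel.get("Type") != HYPERLINK_TYPE:
                    continue
                if rel.get("TargetMode") != "External":
                    continue
                target = rel.get("Target", "")
                scheme = urlsplit(target).scheme.lower()
                if scheme not in allowed:
                    findings.append((name, scheme, target))
    return findings


def build_sample():
    """Constructed sample: one benign link and one custom-scheme link."""
    rels = (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{HYPERLINK_TYPE}" '
        'Target="https://example.com/report" TargetMode="External"/>'
        f'<Relationship Id="rId2" Type="{HYPERLINK_TYPE}" '
        'Target="example-handler://open?item=1" TargetMode="External"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/worksheets/_rels/sheet1.xml.rels", rels)
    return buf.getvalue()
```

A hit is a prompt for review rather than proof of exploitation; hidden or mislabeled cells pointing at such a link deserve the closest look.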

Remediation

Users are advised to update Kingsoft WPS Office for Windows to the latest version.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 8.4
impact: 2.5
exploitability: 5.4
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.