Insecure Loading of shcore.dll in WPS Office Version 10.8.0.5745 Installer Allows Arbitrary Code Execution

Insecure Loading of shcore.dll in WPS Office Version 10.8.0.5745 Installer Allows Arbitrary Code Execution

CVE-2022-26081 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.

Learn more about our Cis Benchmark Audit For Microsoft Office.