JVNVU#90673830
Installer of WPS Office for Windows misconfigures the ACL for the installation directory
Overview
Installer of WPS Office for Windows misconfigures the ACL for the installation directory.
Products Affected
- WPS Office for Windows, versions prior to v11.2.0.10258
Description
When WPS Office for Windows is installed, a service program is registered with the OS and runs with administrative privileges.
The installer fails to properly configure the ACL for the directory in which the service program is installed (CWE-276: Incorrect Default Permissions).
Impact
A non-administrative user may create, modify or remove any file in the directory where the service program is installed, resulting in privilege escalation.
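The condition described above (a directory holding a service binary that low-privilege principals can write to) is something an administrator can check on any Windows host. The following PowerShell is an added example and is not code from the advisory or from the WPS Office vendor: it resolves a service's image path, inspects the ACL of the containing directory for write, delete or permission-change rights granted to Everyone, Authenticated Users, BUILTIN\Users or ANONYMOUS LOGON, and prints an icacls command that restores a conventional service-directory ACL. The service name 'ExampleService' is a placeholder.

```powershell
# Added example (not from the JVN advisory or from WPS Office): audit a Windows
# service's install directory for the CWE-276 condition and suggest a fix.
# 'ExampleService' is a placeholder service name; substitute the one to audit.

function Get-ServiceBinaryDirectory {
    param([Parameter(Mandatory)][string]$ServiceName)
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) { throw "Service '$ServiceName' not found." }
    $cmd = $svc.PathName.Trim()
    # Image paths may be quoted ("C:\Program Files\...\svc.exe" -arg) or unquoted;
    # extract the executable path in either form.
    if ($cmd.StartsWith('"')) {
        $exe = $cmd.Substring(1, $cmd.IndexOf('"', 1) - 1)
    } elseif (Test-Path -LiteralPath $cmd) {
        $exe = $cmd
    } else {
        $exe = ($cmd -split '\s+')[0]
    }
    return (Split-Path -Path $exe -Parent)
}

function Test-ServiceDirectoryAcl {
    param([Parameter(Mandatory)][string]$ServiceName)
    $dir = Get-ServiceBinaryDirectory -ServiceName $ServiceName
    # Well-known SIDs of broad, non-administrative principals. Checking SIDs rather
    # than names keeps the test locale-independent.
    $lowPrivSids = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
        'S-1-5-7'      = 'ANONYMOUS LOGON'
    }
    # Rights that let a principal plant, replace or delete files in the directory
    # or alter its permissions; any one of them is enough to tamper with the service.
    $fsr = [System.Security.AccessControl.FileSystemRights]
    $writeMask = [int]($fsr::WriteData -bor $fsr::AppendData -bor $fsr::Delete -bor
                       $fsr::DeleteSubdirectoriesAndFiles -bor $fsr::ChangePermissions -bor
                       $fsr::TakeOwnership)
    # Inherited ACEs may still carry unexpanded generic rights; treat GENERIC_ALL
    # (0x10000000) and GENERIC_WRITE (0x40000000) as write access too.
    $mask = $writeMask -bor 0x10000000 -bor 0x40000000

    $acl = Get-Acl -LiteralPath $dir
    $findings = foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # unresolvable identity; skip it
        if ($lowPrivSids.ContainsKey($sid) -and (([int]$ace.FileSystemRights -band $mask) -ne 0)) {
            [pscustomobject]@{
                Service   = $ServiceName
                Directory = $dir
                Principal = $lowPrivSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
    return $findings
}

function Get-ServiceDirectoryHardeningCommand {
    param([Parameter(Mandatory)][string]$Directory)
    # Conventional ACL for a service directory: SYSTEM (S-1-5-18) and Administrators
    # (S-1-5-32-544) get full control, Users (S-1-5-32-545) may read and execute, and
    # nothing is inherited from the parent. Review the output before running it; some
    # products need additional grants for their own service accounts.
    return ('icacls "{0}" /inheritance:r /grant:r "*S-1-5-18:(OI)(CI)F" ' +
            '"*S-1-5-32-544:(OI)(CI)F" "*S-1-5-32-545:(OI)(CI)RX" /T') -f $Directory
}

# Usage with the placeholder service name:
#   Test-ServiceDirectoryAcl -ServiceName 'ExampleService' | Format-Table
#   Get-ServiceDirectoryHardeningCommand -Directory (Get-ServiceBinaryDirectory 'ExampleService')
```

To sweep every installed service rather than one, pipe `Get-CimInstance Win32_Service` into `ForEach-Object { Test-ServiceDirectoryAcl -ServiceName $_.Name }`; an empty result for a service means none of the listed principals hold write-class rights on its directory. The hardening command is printed rather than executed so it can be reviewed first, since a vendor's service may legitimately require extra entries.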
Solution
Update the Software
Update WPS Office for Windows to the latest version.
According to the developer, the vulnerability is fixed on v11.2.0.10258.
Vendor Status
Vendor | Link
---|---
WPS Office Software | WPS Office for Windows; Update Features of WPS Office on 08/06/2021
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3 base metrics evaluated: Attack Vector (AV), Attack Complexity (AC), Privileges Required (PR), User Interaction (UI), Scope (S), Confidentiality Impact (C), Integrity Impact (I), Availability Impact (A). Selected values not shown.
CVSS v2 base metrics evaluated: Access Vector (AV), Access Complexity (AC), Authentication (Au), Confidentiality Impact (C), Integrity Impact (I), Availability Impact (A). Selected values not shown.
Credit
Mohammed Hadi reported this vulnerability to the vendor and JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
JPCERT Alert |
JPCERT Reports |
CERT Advisory |
CPNI Advisory |
TRnotes |
CVE | CVE-2022-25943
JVN iPedia |
Update History
- 2022/03/09
- [References] updated.