CVE-2024-13187

A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component TCC Handler. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Configurations

No configuration.

History

15 Apr 2026, 00:35

Type Values Removed Values Added
Summary
  • (es) Se ha detectado una vulnerabilidad en Kingsoft WPS Office 6.14.0 en macOS. Se ha declarado como crítica. Esta vulnerabilidad afecta a una funcionalidad desconocida del componente TCC Handler. La manipulación conduce a la inyección de código. Es posible lanzar el ataque en el host local. El exploit se ha hecho público y puede utilizarse. Se contactó al proveedor con anticipación sobre esta divulgación, pero no respondió de ninguna manera.

08 Jan 2025, 21:15

Type Values Removed Values Added
References () https://github.com/Rsec-1/wps - () https://github.com/Rsec-1/wps -

08 Jan 2025, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-01-08 17:15

Updated : 2026-06-17 07:01


NVD link : CVE-2024-13187

Mitre link : CVE-2024-13187

CVE.ORG link : CVE-2024-13187


JSON object : View

Products Affected

No product.

CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-94

Improper Control of Generation of Code ('Code Injection')