WPS Office For Android Flaw Puts Over 500 M+ Users At Risk


WPS Office is an office suite developed by Kingsoft that handles spreadsheets, presentations, word-processing documents, and other file types.

It is used by millions of people worldwide. A path traversal vulnerability has now been disclosed in its Android version, and although its reported score is only Medium, its impact is arbitrary code execution inside the app.

The flaw is tracked as CVE-2024-35205, and the reported CVSS score is 4.2 (Medium).

It affects WPS Office for Android up to and including the 16.x releases. The vendor has since patched it and published updated builds.

WPS Office For Android Vulnerability

According to the reports shared with Cyber Security News, the flaw lies in the code that handles the file names of documents handed to WPS Office by other applications (the "File Name Handler" component).

WPS Office does not sanitize a file name received from another app before acting on it.

It then uses that externally supplied name to build a pathname inside its own private data directory, a location that should only ever be written to under paths the app itself controls.


If the supplied name contains special path elements such as `../`, WPS Office does not neutralize them, so the resulting pathname can point outside the intended directory: a classic path traversal.

A malicious app installed on the same device can therefore hand WPS Office a crafted file whose name steers it over an existing native library inside WPS Office's data directory, replacing the legitimate library with attacker-controlled content.

When WPS Office next loads that library, the attacker's code runs with WPS Office's application identity and permissions.
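The following is an added example written for this article, not code from the article or from WPS Office. It models the pattern described above in Python so that it can be run here: a files directory and a lib directory under one temporary "app home" are a constructed stand-in for an Android app's private data directory, and the display names are constructed attacker input standing in for what an Android app reads from another app's content provider via `OpenableColumns.DISPLAY_NAME`. It contrasts the unchecked join of the attacker-controlled name (which overwrites the simulated native library) against a hardened version that rejects path separators and dot segments and then confirms the resolved path still lies inside the files directory.

```python
import os
import tempfile

# Constructed attacker input: the display name a malicious app's content
# provider could return for a "shared" file. On Android this string would be
# read via OpenableColumns.DISPLAY_NAME and is fully attacker-controlled.
CRAFTED_NAME = "../lib/libnative.so"
BENIGN_NAME = "report.docx"


def unsafe_target_path(files_dir, display_name):
    """Vulnerable pattern: the external name is joined onto the restricted
    directory as-is, so '../' segments walk out of it."""
    return os.path.join(files_dir, display_name)


def safe_target_path(files_dir, display_name):
    """Hardened pattern: treat the name as a single path component and verify
    the resolved path is still inside files_dir. Raises ValueError on rejection."""
    if not display_name or display_name in (".", ".."):
        raise ValueError("empty or dot-only file name")
    if any(ch in display_name for ch in ("/", "\\", "\x00")):
        raise ValueError("path separator or NUL byte in file name")
    base = os.path.realpath(files_dir)
    candidate = os.path.realpath(os.path.join(base, display_name))
    # Containment check catches anything the character filter missed,
    # including symlinks already present inside files_dir.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("resolved path escapes the files directory")
    return candidate


def receive_shared_file(display_name, use_fix):
    """Simulate WPS-style handling of a shared file in a throwaway app home.

    Returns (outcome, contents_of_native_library), where outcome is
    'written' or 'rejected', so the effect on the library can be checked.
    """
    with tempfile.TemporaryDirectory() as app_home:  # stand-in for /data/data/<pkg>
        files_dir = os.path.join(app_home, "files")
        lib_dir = os.path.join(app_home, "lib")
        os.makedirs(files_dir)
        os.makedirs(lib_dir)
        lib_path = os.path.join(lib_dir, "libnative.so")
        with open(lib_path, "wb") as f:
            f.write(b"ORIGINAL")  # constructed stand-in for a real .so

        resolver = safe_target_path if use_fix else unsafe_target_path
        try:
            target = resolver(files_dir, display_name)
        except ValueError:
            with open(lib_path, "rb") as f:
                return ("rejected", f.read())

        # The app copies the provider's stream to the computed path.
        with open(target, "wb") as f:
            f.write(b"ATTACKER")  # constructed stand-in for the crafted library
        with open(lib_path, "rb") as f:
            return ("written", f.read())


if __name__ == "__main__":
    for name in (CRAFTED_NAME, BENIGN_NAME):
        for fix in (False, True):
            outcome, lib = receive_shared_file(name, fix)
            print(f"{name!r:24} fix={fix!s:5} -> {outcome:8} libnative.so={lib!r}")
```

Running it shows the crafted name replacing `libnative.so` under the unchecked join and being rejected under the hardened check, while the benign name is written normally in both cases. The character filter alone would already stop `../`; the `realpath` containment check is kept as a second, independent layer, which is the habit worth taking to the real Android code where the name arrives from `OpenableColumns.DISPLAY_NAME`.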

Microsoft, which reported the flaw, classes it under the "Dirty Stream" attack pattern, in which a malicious Android app abuses a target app's trust in file names supplied through a content provider. Microsoft's write-up also shows the same pattern being used to reach remote file shares over FTP and SMB with credentials that an affected app stored in plain text on the device.

Getting remote files with the path traversal vulnerability (Source: Microsoft)

The vulnerability is fixed in WPS Office for Android version 17.0.0. Users are advised to update to the latest version to prevent exploitation.
