WPS Office For Android Vulnerability Puts Over 500 Million+ Users At Risk

by Esmeralda McKenzie

WPS Office is an office suite developed by Kingsoft that supports spreadsheets, presentations, documents, and others.

It has been used by tens of millions of users worldwide for multiple legitimate purposes. However, WPS Office has been found to have an important vulnerability associated with Path Traversal.

This vulnerability has been assigned CVE-2024-35205, and the severity has been given as 4.2 (Medium).

This vulnerability affects WPS Office up to version 16.x on Android devices. However, this vulnerability has been patched, and the necessary updates have been provided.

WPS Office For Android Vulnerability

According to the reports shared with Cyber Security News, this Path Traversal vulnerability affects unknown code in the File Name Handler component.

WPS Office lacks proper sanitization of file names before they are processed through external application interactions.

In addition to this, WPS Office uses external input to construct a pathname that identifies a file or directory inside a restricted location.

If the File Name Handler is supplied with special elements, WPS Office does not neutralize them, so the pathname resolves to a location outside of the restricted directory, leading to a path traversal vulnerability.

The threat actor can use any application to supply a crafted library file and overwrite an existing native library of WPS Office.

Successful exploitation of this vulnerability allows a threat actor to execute arbitrary commands under the guise of WPS Office's application ID.
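The file-name handling described above can be contrasted with a hardened version in plain Java (`java.io.File`, which is also available on Android). This is an added example, not code from WPS Office or from the original article; the class, the method names, the directory layout and the sample file names are all constructed for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;

public class FileNameHandlerDemo {
    // Unsafe: joins the externally supplied name to the base directory as-is.
    static File resolveUnchecked(File baseDir, String untrustedName) throws IOException {
        return new File(baseDir, untrustedName).getCanonicalFile();
    }

    // Hardened: accept a bare file name only, then confirm the canonical
    // result is a direct child of the base directory.
    static File resolveInside(File baseDir, String untrustedName) throws IOException {
        if (untrustedName == null || untrustedName.isEmpty()
                || untrustedName.equals(".") || untrustedName.equals("..")
                || untrustedName.indexOf('/') >= 0 || untrustedName.indexOf('\\') >= 0
                || untrustedName.indexOf('\0') >= 0) {
            throw new SecurityException("rejected file name");
        }
        File base = baseDir.getCanonicalFile();
        File target = new File(base, untrustedName).getCanonicalFile();
        if (!base.equals(target.getParentFile())) {
            throw new SecurityException("resolved path leaves base directory");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <tmp>/app/cache is the restricted directory.
        File app = Files.createTempDirectory("app").toFile();
        File cache = new File(app, "cache");
        cache.mkdirs();
        // Constructed sample names, as another app might supply them.
        String[] names = { "report.docx", "../lib/libexample.so", "..", "a/../../b" };
        for (String n : names) {
            File loose = resolveUnchecked(cache, n);
            boolean escaped = !loose.toPath().startsWith(cache.getCanonicalFile().toPath());
            String verdict;
            try {
                verdict = "accepted as " + resolveInside(cache, n).getName();
            } catch (SecurityException e) {
                verdict = e.getMessage();
            }
            System.out.printf("%-22s unchecked escapes=%-5b hardened: %s%n", n, escaped, verdict);
        }
    }
}
```

A receiving app can avoid the problem entirely by ignoring the supplied name and generating its own file name for incoming content.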

This vulnerability has been referred to by Microsoft as the "Dirty Stream" attack, which allows a threat actor to connect to remote file shares using the FTP and SMB protocols with the user credentials stored in plain text in a file on Android.

Getting remote files with Path Traversal vulnerability (Source: Microsoft)

However, this vulnerability has been patched in WPS Office version 17.0.0 for Android. Users of WPS Office are advised to upgrade to the latest version in order to prevent the exploitation of this vulnerability by threat actors.

Source credit: cybersecuritynews.com
