The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for Android fails to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal. This potentially enables any application to dispatch a crafted library file, aiming to overwrite an existing native library utilized by WPS Office. Successful exploitation could result in the execution of arbitrary commands under the guise of WPS Office's application ID.
Metrics
Affected Vendors & Products
References
History
Tue, 20 Aug 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-22 | |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-20T13:47:03.915Z
Reserved:
Link: CVE-2024-35205
Vulnrichment
Updated: 2024-08-02T03:07:46.856Z
NVD
Status : Awaiting Analysis
Published: 2024-05-14T15:39:43.030
Modified: 2024-08-20T14:35:21.557
Link: CVE-2024-35205
Redhat
No data.