CVE-2024-35205

HIGH

WPS Office <17.0.0 - Privilege Escalation

Title source: llm

Description

The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for Android fails to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal. This potentially enables any application to dispatch a crafted library file, aiming to overwrite an existing native library utilized by WPS Office. Successful exploitation could result in the execution of arbitrary commands under the guise of WPS Office's application ID.

Exploits (1)

nomisec WORKING POC 12 stars
by cyb3r-w0lf · poc
https://github.com/cyb3r-w0lf/Dirty_Stream-Android-POC

Scores

CVSS v3: 7.8
EPSS: 0.0149
EPSS Percentile: 81.1%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Source: Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-22
Status: published
Published: May 14, 2024
Tracked Since: Feb 18, 2026