CVE-2024-35205

HIGH

WPS Office <17.0.0 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-35205. PoCs published by cyb3r-w0lf.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2024-35205, targeting MI-File Explorer V1-210567. The exploit demonstrates the Dirty Stream vulnerability by writing a file ('pwned.txt') into a restricted directory, leveraging improper handling of content provider URIs.

Description

The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for Android fails to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal. This potentially enables any application to dispatch a crafted library file, aiming to overwrite an existing native library utilized by WPS Office. Successful exploitation could result in the execution of arbitrary commands under the guise of WPS Office's application ID.

Exploits (1)

nomisec WORKING POC 12 stars
by cyb3r-w0lf · poc
https://github.com/cyb3r-w0lf/Dirty_Stream-Android-POC

This repository contains a functional exploit for CVE-2024-35205, targeting MI-File Explorer V1-210567. The exploit demonstrates the Dirty Stream vulnerability by writing a file ('pwned.txt') into a restricted directory, leveraging improper handling of content provider URIs.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: MI-File Explorer V1-210567
No auth needed
Prerequisites: Android device with vulnerable MI-File Explorer version installed
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 7.8
EPSS 0.0075
EPSS Percentile 50.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-22
Status published
Published May 14, 2024
Tracked Since Feb 18, 2026