Kingsoft Office Remote Code Execution
- Published: 5 Nov 2014
- Type: Remote Code Execution through MitM Attack on Kingsoft Office Application
- Severity: High
Affected Products
Kingsoft Office
CVE
CVE-2014-2271
MWR have discovered a vulnerability in the Kingsoft Office application, shipped by default with the Huawei P2 mobile phone. The vulnerability takes advantage of an SSL connection falling back to a clear text connection in order to inject content into a WebView with a vulnerable JavaScript bridge. Exploiting this issue allows an attacker to remotely execute commands on the device in the context of the Kingsoft Office application.
The advisory can be downloaded here.