Kingsoft Office Remote Code Execution

  • Published: 5 Nov 2014


CVE-2014-2271


Type

  • Remote Code Execution through MitM Attack on Kingsoft Office Application

Severity

  • High

Affected products

  • Kingsoft Office

Date

  • 2014-11-05

CVE Reference

  • CVE-2014-2271


MWR have discovered a vulnerability in the Kingsoft Office application, which is shipped by default with the Huawei P2 mobile phone. The vulnerability takes advantage of an SSL connection that falls back to a cleartext connection, which lets an attacker in a man-in-the-middle position inject content into a WebView with a vulnerable JavaScript bridge. Exploiting this issue allows an attacker to remotely execute commands on the device in the context of the Kingsoft Office application.

The advisory can be downloaded here.
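As an added illustration (not code from the advisory or from Kingsoft Office), the Android WebView setup below closes both halves of the issue described above: it fails closed on TLS errors instead of retrying in cleartext, and it limits what the JavaScript bridge exposes. The class name, `TRUSTED_HOST`, the `Bridge` object and its method are hypothetical, and the sketch assumes the bridge is attached with `addJavascriptInterface`, which the page does not state.

```java
import android.net.Uri;
import android.net.http.SslError;
import android.os.Build;
import android.webkit.JavascriptInterface;
import android.webkit.SslErrorHandler;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;

/** Added example with hypothetical names; not Kingsoft Office code. */
public final class HardenedWebView {
    // Placeholder origin for the content the app is meant to display (assumption).
    private static final String TRUSTED_HOST = "content.example.com";

    /** On API 17+ only methods annotated with @JavascriptInterface are callable from page script. */
    static final class Bridge {
        @JavascriptInterface
        public String appVersion() { return "1.0"; } // constant data only, no file or process access
    }

    static boolean isTrusted(String url) {
        Uri uri = Uri.parse(url);
        return "https".equals(uri.getScheme()) && TRUSTED_HOST.equals(uri.getHost());
    }

    public static void configure(WebView view) {
        WebSettings settings = view.getSettings();
        settings.setJavaScriptEnabled(true);
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
            settings.setMixedContentMode(WebSettings.MIXED_CONTENT_NEVER_ALLOW); // no http:// subresources
        }
        // Below API 17 every public method of a bridge object is reachable from script: attach none there.
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
            view.addJavascriptInterface(new Bridge(), "bridge");
        }
        view.setWebViewClient(new WebViewClient() {
            @Override
            public void onReceivedSslError(WebView v, SslErrorHandler handler, SslError error) {
                handler.cancel(); // fail closed: never proceed(), never retry the page over http://
            }
            @Override
            public boolean shouldOverrideUrlLoading(WebView v, String url) {
                return !isTrusted(url); // returning true stops the WebView from loading the URL
            }
        });
        view.loadUrl("https://" + TRUSTED_HOST + "/");
    }
}
```

`shouldOverrideUrlLoading` is not consulted for the initial `loadUrl` call or for subresources, so the hard-coded HTTPS URL and the mixed-content setting carry those cases.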