[High Risk] Code Execution Vulnerability in WPS Office

Vulnerability description

WPS Office is an office software suite independently developed by Kingsoft Office Software Co., Ltd.

In the affected versions, the domain name whitelist mechanism of the browser embedded in WPS Office has a design flaw. An attacker could exploit this vulnerability by crafting malicious files.
After the victim opens such a file and clicks a picture or object that carries a hyperlink, malicious code on a remote server may be downloaded to a specified directory and executed.

Vulnerability name: Code Execution Vulnerability in WPS Office
Vulnerability type: SQL injection
Discovery time: 2023/8/9
Vulnerability breadth: wide
MPS number: MPS-3pcb-l4mv
CVE number: -
CNVD number: -

Scope of impact

WPS Office Personal Edition @(-∞, 12.1.0.15120]

WPS Office Organization @(-∞, 11.8.2.12085)

Remediation

Update WPS Office Organization Edition to version 11.8.2.12085 or later
Upgrade WPS Office Personal Edition to version 12.1.0.15120 or later
Avoid clicking pictures or objects with hyperlinks
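
To triage an inventory against this advisory, the following added example (not code from Murphy Security or Kingsoft) parses the two affected-version ranges in the interval notation used above and flags matching installs. The host names and inventory rows are constructed, and the ranges are followed as written, so Personal Edition 12.1.0.15120 itself is reported as affected.

```python
import re
# Affected ranges copied from the advisory text above (interval notation).
ADVISORY_RANGES = {
    "personal": "@(-∞, 12.1.0.15120]",
    "organization": "@(-∞, 11.8.2.12085)",
}
_RANGE_RE = re.compile(r"^@([\[(])\s*([^,\s]+)\s*,\s*([^\s\])]+)\s*([\])])$")

def parse_version(text):
    """'11.8.2.12085' -> (11, 8, 2, 12085), so comparison is numeric, not lexical."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def parse_range(spec):
    """'@(low, high]' -> (low, low_inclusive, high, high_inclusive); None means unbounded."""
    m = _RANGE_RE.match(spec.strip())
    if not m:
        raise ValueError(f"unrecognised range: {spec!r}")
    open_b, low, high, close_b = m.groups()
    low_v = None if low == "-∞" else parse_version(low)
    high_v = None if high in ("∞", "+∞") else parse_version(high)
    return low_v, open_b == "[", high_v, close_b == "]"

def _cmp(a, b):
    """Compare two version tuples after zero-padding to equal length: -1, 0 or 1."""
    width = max(len(a), len(b))
    a, b = a + (0,) * (width - len(a)), b + (0,) * (width - len(b))
    return (a > b) - (a < b)

def is_affected(edition, version):
    low, low_inc, high, high_inc = parse_range(ADVISORY_RANGES[edition.lower()])
    v = parse_version(version)
    if low is not None and (_cmp(v, low) < 0 or (_cmp(v, low) == 0 and not low_inc)):
        return False
    if high is not None and (_cmp(v, high) > 0 or (_cmp(v, high) == 0 and not high_inc)):
        return False
    return True

# Constructed inventory rows (host, edition, installed version); not real data.
SAMPLE_INVENTORY = [
    ("ws-001", "personal", "12.1.0.15120"),      # equals the inclusive upper bound
    ("ws-002", "personal", "12.1.0.15121"),      # constructed newer build number
    ("ws-003", "organization", "11.8.2.12085"),  # equals the exclusive upper bound
    ("ws-004", "organization", "11.8.2.9999"),   # numerically below 12085
]
def affected_hosts(inventory):
    return [host for host, edition, ver in inventory if is_affected(edition, ver)]
```

The ws-004 row shows why the last version field must be compared as an integer: a plain string comparison would rank 9999 above 12085 and miss the host.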

Reference links

https://www.oscs1024.com/hd/MPS-3pcb-l4mv

https://security.wps.cn/notices/35

About Murphy Security

Murphy Security is a technology company that provides professional software supply chain security management. Its core team comes from Baidu, Huawei, Wuyun and other enterprises. The company provides customers with a complete software supply chain security management platform that covers full-life-cycle software security management built around SBOM. Platform capabilities include software component analysis, source security management, container image detection, vulnerability intelligence early warning, and commercial software supply chain access assessment. Together they give customers complete control, from supply chain asset identification and management through risk detection and security control to one-key repair.
Open source project: https://github.com/murphysecurity/murphysec/?sf=qbyj

The product can be integrated with various tools in the existing development process at a very low cost, including seamless integration with dozens of tools such as IDE, Gitlab, Bitbucket, Jenkins, Harbor, and Nexus.
Free code security detection tool: https://www.murphysec.com/?sf=qbyj
Free intelligence subscription: https://www.oscs1024.com/cm/?sf=qbyj

Origin blog.csdn.net/murphysec/article/details/132203119