Kingsoft Office Remote Code Execution



  • Remote Code Execution through MitM Attack on Kingsoft Office Application
  • Severity

  • High
  • Affected products

  • Kingsoft Office
  • Date

  • 2014-11-05
  • CVE Reference

  • CVE-2014-2271

MWR have discovered a vulnerability in the Kingsoft Office application, shipped by default with the Huawei P2 mobile phone. The vulnerability takes advantage of an SSL connection falling back to a clear text connection in order to inject content into a WebView with a vulnerable JavaScript bridge. Exploiting this issue allows an attacker to remotely execute commands on the device in the context of the Kingsoft Office application.

The advisory can be downloaded here.