Kingsoft Office Remote Code Execution

CVE-2014-2271

    Type

  • Remote Code Execution through MitM Attack on Kingsoft Office Application

    • Severity

  • High

    • Affected products

  • Kingsoft Office

    • Date

  • 2014-11-05

    • CVE Reference

  • CVE-2014-2271
Read more

MWR have discovered a vulnerability in the Kingsoft Office application, shipped by default with the Huawei P2 mobile phone. The vulnerability takes advantage of an SSL connection falling back to a clear text connection in order to inject content into a WebView with a vulnerable JavaScript bridge. Exploiting this issue allows an attacker to remotely execute commands on the device in the context of the Kingsoft Office application.

The advisory can be downloaded here.