Affected versions:
- WPS Office 2023 Personal Edition < 11.1.0.15120
- WPS Office 2019 Enterprise Edition < 11.8.2.12085
Vulnerability introduction:
What is a WebExtension?
A WebExtension in Office (commonly known as an Office add-in or Office application) is a technology used to extend the functionality of Microsoft Office. Office add-ins let third-party developers integrate their own services and functionality into Office applications. They are built with cross-platform web technologies such as HTML, CSS, and JavaScript so that they run on different platforms and devices. Put simply, the office suite has a built-in browser that can parse HTML, JavaScript, and CSS. In this vulnerability, WPS failed to handle JavaScript code correctly when processing a WebExtension, resulting in an overflow that leads to remote code execution (RCE). (It is similar to the RCE vulnerability previously disclosed in Chrome and to the RCE vulnerability in WeChat for Windows versions < 3.1.2.141.)
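A document that embeds a WebExtension carries it as a web extension part inside the OOXML package, so documents can be triaged for such parts before they are opened on an unpatched build. The following is an added example, not code from the original advisory: the part path pattern and XML namespace are standard OOXML, while the function names, the sample package, and its add-in reference are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# OOXML namespace used by web extension parts (Office add-in references).
WE_NS = "http://schemas.microsoft.com/office/webextensions/webextension/2010/11"

def find_webextensions(data: bytes) -> list[dict]:
    """Return one record per web extension part found in an OOXML package."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            # Parts live under word/, xl/ or ppt/ in a webextensions/ folder.
            if "/webextensions/webextension" not in name.lower():
                continue
            try:
                # For bulk scanning of untrusted files, swap in a hardened
                # XML parser (for example the third-party defusedxml).
                root = ET.fromstring(pkg.read(name))
            except ET.ParseError:
                hits.append({"part": name, "malformed": True, "refs": []})
                continue
            refs = [
                {k: ref.get(k) for k in ("id", "store", "storeType")}
                for ref in root.iter(f"{{{WE_NS}}}reference")
            ]
            hits.append({"part": name, "malformed": False, "refs": refs})
    return hits

def build_sample(with_extension: bool) -> bytes:
    """Constructed sample package, not a real document or a real add-in."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("word/document.xml", "<w:document xmlns:w='urn:sample'/>")
        if with_extension:
            pkg.writestr(
                "word/webextensions/webextension1.xml",
                f"<we:webextension xmlns:we='{WE_NS}' id='{{constructed-id}}'>"
                "<we:reference id='sample-addin' version='1.0' "
                "store='https://addin.example.invalid/' storeType='Registry'/>"
                "</we:webextension>",
            )
    return buf.getvalue()

if __name__ == "__main__":
    for label, flag in (("plain", False), ("with extension", True)):
        print(label, find_webextensions(build_sample(flag)))
```

A hit only means the document references an add-in; it is a reason to review the `store` value and to confirm the WPS build is at or above the fixed version before opening the file.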