WPS Office Rce POC

WPS Office Rce POC

vPython by Prapattimynk

Affected version : WPS Office 2023 个人版 < 11.1.0.15120WPS Office 2019 企业版 < 11.8.2.12085Vulnerability introduction:What is WebExtension A WebExtension in Office (commonly known as an Office add-i

Android Android 5.0Exploits And POCs
( 396 ratings )
Price: $0
File WPS Office Rce POC
Publisher Prapattimynk
Genre Exploits And POCs
File Type Python
Os All
Mod Version Python
Report Report
WPS Office Rce POC is the most famous version in the WPS Office Rce POC series of publisher
Download

Affected version :

  • WPS Office 2023 个人版 < 11.1.0.15120
  • WPS Office 2019 企业版 < 11.8.2.12085

Vulnerability introduction:

What is WebExtension

A WebExtension in Office (commonly known as an Office add-in or Office application) is a technology used to extend the functionality of Microsoft Office. Office Add-ins enable third-party developers to integrate their own services and functionality within Office applications. These plugins are developed using cross-platform web technologies such as HTML, CSS, and JavaScript to run on different platforms and devices. A simple understanding is that office has a built-in browser that can parse html/javascript/css codes. The vulnerability this time is that WPS failed to process javascript code correctly when processing WebExtension, resulting in an overflow RCE. (You can refer to the RCE vulnerability that was exposed in chrome before, and the RCE vulnerability in WeChat Windows version < 3.1.2.141, which is similar)



Recommended for You

You may also like

Comments

Your email address will not be published. Required fields are marked *

Next Post X
Ads Blocker Image Powered by Code Help Pro

AdBlocker Detected!!!

We have detected that you are using extensions to block ads. Please support us by disabling these ads blocker.