CVE-2024-35205

Name of the Vulnerable Software and Affected Versions WPS Office versions prior to 17.0.0

Description The issue arises from the application's failure to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal. This potentially enables any application to dispatch a crafted library file, aiming to overwrite an existing native library utilized by WPS Office. Successful exploitation could result in the execution of arbitrary commands under the guise of WPS Office's application ID.

Recommendations For versions prior to 17.0.0, update to version 17.0.0 or later to resolve the issue. As a temporary workaround, consider restricting interactions with external applications to minimize the risk of exploitation. Avoid using potentially crafted library files until the issue is resolved.