
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
The WPS Office (cn.wps.moffice_eng) application before version 17.0.0 for Android contains a path traversal vulnerability (CVE-2024-35205): it does not properly sanitize filenames it receives through interactions with external applications before processing them. This vulnerability affects over 500 million Android users and was discovered in May 2024 (Microsoft Blog).
The vulnerability arises from improper implementation of Android's content provider mechanism, which is designed for secure file sharing between applications. When WPS Office receives files from other applications, it fails to validate or sanitize filenames, allowing a malicious app to potentially overwrite existing native libraries used by WPS Office. This vulnerability is part of a broader pattern called the "Dirty Stream" attack, where a malicious app can declare a rogue version of the FileProvider class to share files with names controlled by the attacker (Microsoft Blog, Security Online).
The vulnerability could lead to arbitrary code execution and token theft. An attacker could potentially gain full control over the application's behavior, manipulate WPS Office to perform unauthorized actions, or access sensitive user data. The impact extends to potential compromise of user security through unauthorized access to online accounts (Security Online).
Users are strongly advised to update their WPS Office application to version 17.0.0 or above, which includes a fix for the CVE-2024-35205 vulnerability. Additionally, users should be cautious about the permissions they grant to applications and avoid installing software from unknown or untrusted sources (Security Online).
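For developers of apps that receive shared files, the check whose absence is described above can be sketched as follows. This is an added example, not code from WPS Office or from the cited sources; the class name `SafeIncomingName`, the method `resolve`, the cache directory name and the sample filenames are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.util.UUID;

// Added example: hypothetical helper for an app that receives a shared file and
// caches it under the name reported by the sending app's content provider.
public class SafeIncomingName {

    // Map an untrusted display name to a file located directly inside cacheDir.
    static File resolve(File cacheDir, String untrustedName) throws IOException {
        String name = untrustedName == null ? "" : untrustedName;
        // Keep only the last path component; treat '/' and '\' as separators.
        int cut = Math.max(name.lastIndexOf('/'), name.lastIndexOf('\\'));
        name = name.substring(cut + 1);
        // Drop control characters, including NUL.
        name = name.replaceAll("\\p{Cntrl}", "");
        // Nothing usable left: fall back to a locally generated name.
        if (name.isEmpty() || name.equals(".") || name.equals("..")) {
            name = "incoming-" + UUID.randomUUID();
        }
        File base = cacheDir.getCanonicalFile();
        File target = new File(base, name).getCanonicalFile();
        // Defence in depth: after resolving symlinks and dot segments, the
        // parent of the target must be the cache directory itself.
        if (!base.equals(target.getParentFile())) {
            throw new SecurityException("rejected file name from provider");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Assumed cache location for the demo; an Android app would use its own cache dir.
        File cache = new File(System.getProperty("java.io.tmpdir"), "incoming-cache");
        cache.mkdirs();
        // Constructed sample names, as a sending app might report them.
        String[] samples = { "report.docx", "../../other/dir/example.bin", "..", null };
        for (String s : samples) {
            System.out.println(s + " -> " + resolve(cache, s));
        }
    }
}
```

Every sample resolves to a path directly under the cache directory. A stricter variant ignores the supplied name entirely and always stores the incoming stream under a generated name.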
Source: This report was generated using AI