WPS Office Weak Cryptographic Key Pair Vulnerability Allowing Adversary-In-The-Middle Attacks

A vulnerability exists in WPS Office (Kingsoft) on Windows due to the use of a weak cryptographic key pair in the signature verification process. This flaw allows an attacker who successfully recovers the private key to sign components. Additionally, older versions of WPS Office did not properly validate the update server's certificate, enabling Adversary-In-The-Middle (AitM) attacks that could hijack software updates.

Impact

Exploitation of this vulnerability could lead to the interception and manipulation of software updates, allowing the installation of malicious components disguised as legitimate updates.

Reproduction

The vulnerability can be reproduced by intercepting update requests from WPS Office using a network implant. This implant can be delivered through AitM attacks, taking advantage of the application's lack of certificate validation on update servers. Once the update request is intercepted, the implant can be injected by hijacking the download process, replacing the legitimate update with a malicious one.