Maxthon Web Browser Plug-in API Directory Traversal Vulnerability
BID:13074
Info
Maxthon Web Browser Plug-in API Directory Traversal Vulnerability
| Bugtraq ID: | 13074 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-1090 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 08 2005 12:00AM |
| Updated: | Jul 12 2009 12:56PM |
| Credit: | Discovery of this issue is credited to "Aviv Raff" <[email protected]>. |
| Vulnerable: |
Maxthon Maxthon 1.2.1 Maxthon Maxthon 1.2 |
| Not Vulnerable: | |
Discussion
Maxthon Web Browser Plug-in API Directory Traversal Vulnerability
It is reported that the Maxthon Web browser Plug-ins employ 'readFile()' and 'writeFile()' API calls to access files in the Plug-in installation directory. However, reports indicate that it is possible to invoke these API calls to read and write arbitrary files by supplying directory traversal sequences in the path to a target file.
A remote attacker may exploit this issue to read and write files on a target computer with the privileges of a user that is running the vulnerable Web browser.
It is reported that the Maxthon Web browser Plug-ins employ 'readFile()' and 'writeFile()' API calls to access files in the Plug-in installation directory. However, reports indicate that it is possible to invoke these API calls to read and write arbitrary files by supplying directory traversal sequences in the path to a target file.
A remote attacker may exploit this issue to read and write files on a target computer with the privileges of a user that is running the vulnerable Web browser.
Exploit / POC
Maxthon Web Browser Plug-in API Directory Traversal Vulnerability
A proof of concept is available at the following location:
http://www.raffon.net/advisories/maxthon/nosecidpoc.html
A proof of concept is available at the following location:
http://www.raffon.net/advisories/maxthon/nosecidpoc.html
Solution / Fix
Maxthon Web Browser Plug-in API Directory Traversal Vulnerability
Solution:
It is reported that this vulnerability is addressed in Maxthon version 1.2.2. This is not confirmed. Customers are advised to contact the vendor for further information in regards to obtaining and applying an appropriate fix.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
It is reported that this vulnerability is addressed in Maxthon version 1.2.2. This is not confirmed. Customers are advised to contact the vendor for further information in regards to obtaining and applying an appropriate fix.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Maxthon Web Browser Plug-in API Directory Traversal Vulnerability
References:
References:
- Maxthon Homepage (Maxthon)