RETIRED: Maxthon Browser Remote Denial of Service Vulnerability

Bugtraq ID:	31098
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Sep 09 2008 12:00AM
Updated:	Sep 19 2008 09:00PM
Credit:	Gjoko 'LiquidWorm' Krstic
Vulnerable:	Maxthon Maxthon Browser 2.1.4 .443
Not Vulnerable:

RETIRED: Maxthon Browser Remote Denial of Service Vulnerability

Maxthon Browser is prone to a denial-of-service vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted webpage.

Successfully exploiting this issue will allow the attacker to crash the application, denying service to legitimate users.

This issue affects Maxthon Browser 2.1.4.443; other versions may also be affected.

UPDATE (September 19, 2008): This BID is being retired because the issue is caused by an endless loop resulting in resource consumption.

RETIRED: Maxthon Browser Remote Denial of Service Vulnerability

The following exploit code is available:

• /data/vulnerabilities/exploits/31098.html.txt

RETIRED: Maxthon Browser Remote Denial of Service Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

RETIRED: Maxthon Browser Remote Denial of Service Vulnerability

References:

• Maxthon Homepage (Maxthon)