PT-2005-2110 · Maxthon · Maxthon

Publicado

2005-04-13

Atualizado

2008-09-05

CVE-2005-1091

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Maxthon versions 1.2.0 through 1.2.1

Description The issue allows remote attackers to bypass the security ID and use restricted plugin API functions. This is achieved via a script that includes the max.src file into the source page.

Recommendations For Maxthon versions 1.2.0 and 1.2.1, consider restricting access to the max.src file to prevent its inclusion in source pages until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2005-1091

Produtos afetados

Maxthon

PT-2005-2110 · Maxthon · Maxthon

CVE-2005-1091

Identificadores relacionados

Produtos afetados

Referências · 5