PT-2005-2110 · Maxthon · Maxthon
Published: 2005-04-13 · Updated: 2008-09-05 · CVE-2005-1091
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Maxthon versions 1.2.0 through 1.2.1
Description
The issue allows remote attackers to bypass the security ID and use restricted plugin API functions. This is achieved via a script that includes the max.src file into the source page.
Recommendations
For Maxthon versions 1.2.0 and 1.2.1, consider restricting access to the max.src file to prevent its inclusion in source pages until a patch is available.
Affected Products
Maxthon