PT-2022-7914 · Ucweb · Uc Browser

X Ksi

Published

2022-06-13

Updated

2022-06-22

CVE-2017-20041

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Ucweb UC Browser version 11.2.5.932

Description A critical issue has been found in the HTML Handler component, where the manipulation of the title argument leads to improper restriction of rendered UI layers via a URL. This can be exploited remotely. The issue has been publicly disclosed and may be used for attacks.

Recommendations For Ucweb UC Browser version 11.2.5.932, consider restricting access to the HTML Handler component until a patch is available. As a temporary workaround, avoid using the title argument in URLs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Clickjacking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1021

Related Identifiers

CVE-2017-20041

Affected Products

Uc Browser

PT-2022-7914 · Ucweb · Uc Browser

CVE-2017-20041

Weakness Enumeration

Related Identifiers

Affected Products

References · 5