Maxthon Browser Plug-in readFile / writeFile Traversal Arbitrary File Manipulation

2005-04-08T06:54:46
ID OSVDB:15423
Type osvdb
Reporter Aviv Raff()
Modified 2005-04-08T06:54:46

Description

Vulnerability Description

Maxthon Browser contains a flaw that allows a remote attacker to read and write from/to files outside of the plug-in's directory. The issue is due to the readFile() and writeFile() API functions not properly sanitizing user input, specifically traversal style attacks (../../), resulting in a loss of confidentiality and integrity.

Solution Description

Upgrade to version 1.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Maxthon Browser contains a flaw that allows a remote attacker to read and write from/to files outside of the plug-in's directory. The issue is due to the readFile() and writeFile() API functions not properly sanitizing user input, specifically traversal style attacks (../../), resulting in a loss of confidentiality and integrity.

References:

Vendor URL: http://www.maxthon.com/ Secunia Advisory ID:14918 Related OSVDB ID: 15424 Other Advisory URL: http://www.raffon.net/advisories/maxthon/multvulns.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0146.html