Multiple critical vulnerabilities in Maxthon and Avant browsers

2012-12-12T00:00:00

Description

Hi, Below you can find a short summary of discovered vulnerabilities in Maxthon and Avant browsers. Such vulnerabilities were demonstrated during HITBAMS2012 security conference and more recently at HackPra. Affected Products - Maxthon (www.maxthon.com) - Avant Browser (www.avantbrowser.com) Security advisories - [advisory] Maxthon multiple vulnerabilities: http://www.security-assessment.com/files/documents/advisory/Maxthon_multiple_vulnerabilities_advisory.pdf - [advisory] Avant multiple vulnerabilities: http://www.security-assessment.com/files/documents/advisory/Avant_multiple_vulnerabilities_advisory.pdf Individual security advisories, exploit modules and video links can be found below. [1] Maxthon - Cross Context Scripting - about: history - Remote Code Execution [advisory] http://blog.malerisch.net/2012/12/maxthon-cross-context-scripting-xcs-about-history-rce.html [metasploit module] https://github.com/malerisch/metasploit-framework/blob/maxthon3/modules/exploits/windows/browser/maxthon_history_xcs.rb [demo] http://www.youtube.com/watch?v=d-55asVLqNI [2] Maxthon - Cross Context Scripting (XCS) - RSS - Remote Code Execution [advisory] http://blog.malerisch.net/2012/12/maxthon-cross-context-scripting-xcs-rss-rce.html [metasploit module] https://github.com/malerisch/metasploit-framework/blob/maxthon3/modules/exploits/windows/browser/maxthon_rss_xcs.rb [demo] http://www.youtube.com/watch?v=d-55asVLqNI [3] Maxthon - Privileged APIs on i.maxthon.com [advisory] http://blog.malerisch.net/2012/12/maxthon-privileged-api-imaxthoncom.html [demo] http://www.youtube.com/watch?v=1IqZBS0O2Hs [4] Maxthon - Cross Context Scripting (XCS) - Bookmark Toolbar and Bookmark Sidebar - Code Execution [advisory] http://blog.malerisch.net/2012/12/maxthon-cross-context-scripting-xcs-bookmark.html [demo] http://www.youtube.com/watch?v=YR0RQz45t3M [5] Maxthon - Incorrect Executable File Handling and Same Origin Policy Implementation [advisory] http://blog.malerisch.net/2012/12/maxthon-incorrect-executable-file-sop.html [6] Avant Browser - Same of Origin Policy Bypass - browser:home [advisory] http://blog.malerisch.net/2012/12/avant-browser-same-of-origin-policy.html [BeEF module] https://github.com/malerisch/beef/tree/avant_browser/modules/exploits/avant_steal_history [demo] http://www.youtube.com/watch?v=I4LiSfTmuM0 [7] Avant Browser - Stored Cross Site Scripting - Feed Reader (browser://localhost/lst?*) [advisory] http://blog.malerisch.net/2012/12/avant-browser-stored-cross-site-scripting.html [demo] http://www.youtube.com/watch?v=-mShxsspxy8 [8] Avant Browser - Cross Context Scripting - browser:home - Most Visited And History Tabs [advisory] http://blog.malerisch.net/2012/12/avant-browser-cross-context-scripting.html [demo] http://www.youtube.com/watch?v=cHHtsOpYGH4 References [presentation] HITBAMS2012 - Window Shopping: Browser Bugs Hunting in 2012 - http://www.security-assessment.com/files/documents/presentations/window_shopping_browser_bug_hunting_in_2012_roberto_suggi_liverani_scott_bell.pdf [presentation] HackPra - Cross Context Scripting attacks & exploitation - http://www.slideshare.net/robertosl81/cross-context-scripting-attacks-exploitation Any further material, comments or updates will be communicated over Twitter, at https://twitter.com/malerisch Roberto Suggi Liverani

{"id": "SECURITYVULNS:DOC:28861", "bulletinFamily": "software", "title": "Multiple critical vulnerabilities in Maxthon and Avant browsers", "description": "\r\n\r\nHi,\r\n\r\nBelow you can find a short summary of discovered vulnerabilities in\r\nMaxthon and Avant browsers.\r\nSuch vulnerabilities were demonstrated during HITBAMS2012 security\r\nconference and more recently at HackPra.\r\n\r\nAffected Products\r\n\r\n- Maxthon (www.maxthon.com)\r\n- Avant Browser (www.avantbrowser.com)\r\n\r\nSecurity advisories\r\n\r\n- [advisory] Maxthon multiple vulnerabilities:\r\nhttp://www.security-assessment.com/files/documents/advisory/Maxthon_multiple_vulnerabilities_advisory.pdf\r\n- [advisory] Avant multiple vulnerabilities:\r\nhttp://www.security-assessment.com/files/documents/advisory/Avant_multiple_vulnerabilities_advisory.pdf\r\n\r\nIndividual security advisories, exploit modules and video links can be\r\nfound below.\r\n\r\n[1] Maxthon - Cross Context Scripting - about: history - Remote Code Execution\r\n\r\n[advisory] http://blog.malerisch.net/2012/12/maxthon-cross-context-scripting-xcs-about-history-rce.html\r\n[metasploit module]\r\nhttps://github.com/malerisch/metasploit-framework/blob/maxthon3/modules/exploits/windows/browser/maxthon_history_xcs.rb\r\n[demo] http://www.youtube.com/watch?v=d-55asVLqNI\r\n\r\n\r\n[2] Maxthon - Cross Context Scripting (XCS) - RSS - Remote Code Execution\r\n\r\n[advisory] http://blog.malerisch.net/2012/12/maxthon-cross-context-scripting-xcs-rss-rce.html\r\n[metasploit module]\r\nhttps://github.com/malerisch/metasploit-framework/blob/maxthon3/modules/exploits/windows/browser/maxthon_rss_xcs.rb\r\n[demo] http://www.youtube.com/watch?v=d-55asVLqNI\r\n\r\n\r\n[3] Maxthon - Privileged APIs on i.maxthon.com\r\n\r\n[advisory] http://blog.malerisch.net/2012/12/maxthon-privileged-api-imaxthoncom.html\r\n[demo] http://www.youtube.com/watch?v=1IqZBS0O2Hs\r\n\r\n\r\n[4] Maxthon - Cross Context Scripting (XCS) - Bookmark Toolbar and\r\nBookmark Sidebar - Code Execution\r\n\r\n[advisory] http://blog.malerisch.net/2012/12/maxthon-cross-context-scripting-xcs-bookmark.html\r\n[demo] http://www.youtube.com/watch?v=YR0RQz45t3M\r\n\r\n\r\n[5] Maxthon - Incorrect Executable File Handling and Same Origin\r\nPolicy Implementation\r\n\r\n[advisory] http://blog.malerisch.net/2012/12/maxthon-incorrect-executable-file-sop.html\r\n\r\n\r\n[6] Avant Browser - Same of Origin Policy Bypass - browser:home\r\n\r\n[advisory] http://blog.malerisch.net/2012/12/avant-browser-same-of-origin-policy.html\r\n[BeEF module] https://github.com/malerisch/beef/tree/avant_browser/modules/exploits/avant_steal_history\r\n[demo] http://www.youtube.com/watch?v=I4LiSfTmuM0\r\n\r\n\r\n[7] Avant Browser - Stored Cross Site Scripting - Feed Reader\r\n(browser://localhost/lst?*)\r\n\r\n[advisory] http://blog.malerisch.net/2012/12/avant-browser-stored-cross-site-scripting.html\r\n[demo] http://www.youtube.com/watch?v=-mShxsspxy8\r\n\r\n\r\n[8] Avant Browser - Cross Context Scripting - browser:home - Most\r\nVisited And History Tabs\r\n\r\n[advisory] http://blog.malerisch.net/2012/12/avant-browser-cross-context-scripting.html\r\n[demo] http://www.youtube.com/watch?v=cHHtsOpYGH4\r\n\r\nReferences\r\n\r\n[presentation] HITBAMS2012 - Window Shopping: Browser Bugs Hunting in\r\n2012 - http://www.security-assessment.com/files/documents/presentations/window_shopping_browser_bug_hunting_in_2012_roberto_suggi_liverani_scott_bell.pdf\r\n[presentation] HackPra - Cross Context Scripting attacks &\r\nexploitation - http://www.slideshare.net/robertosl81/cross-context-scripting-attacks-exploitation\r\n\r\nAny further material, comments or updates will be communicated over\r\nTwitter, at https://twitter.com/malerisch\r\n\r\nRoberto Suggi Liverani\r\n", "published": "2012-12-12T00:00:00", "modified": "2012-12-12T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28861", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:46", "edition": 1, "viewCount": 77, "enchantments": {"score": {"value": 0.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12776"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12776"]}]}, "exploitation": null, "vulnersScore": 0.3}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645378169, "score": 1659803227}, "_internal": {"score_hash": "71296d7b426b019a2b5de50ac14788b5"}}