Summary
This host has Maxthon Browser installed and is prone to an address bar spoofing vulnerability.
Impact
Successful exploitation lets attackers spoof parts of the address bar and modify page content on a host that a user may consider partly trusted.
Impact Level: Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable the respective features, remove the product, or replace the product with another one.
Insight
The address bar can be spoofed via 'window.open()' with a relative URI, so that it shows an arbitrary URL on the web site visited by the victim. This is demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.
Affected
Maxthon version 2.5.3.80 on Windows.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2009-3006
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apple Safari 'Webkit' Information Disclosure Vulnerability (Win)
- AVG Anti-Virus 'hcp://' Protocol Handler Remote Code Execution Vulnerability
- Adobe Flash Player/Air Multiple Vulnerabilities -feb10 (Win)
- Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Mac OS X)
- Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities (Win)