Vulnerabilities > CVE-2005-1091 - Information Disclosure vulnerability in Maxthon Web Browser Plug-in API Security ID

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

maxthon

NVD

Published: 2005-05-02

Updated: 2008-09-05

Summary

Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ID and use restricted plugin API functions via script that includes the max.src file into the source page.

Vulnerable Configurations

Part	Description	Count
Application	Maxthon Maxthon Maxthon 1.2 Maxthon Maxthon 1.2.1	2

References

http://secunia.com/advisories/14918
http://www.osvdb.org/15424
http://www.raffon.net/advisories/maxthon/multvulns.html
http://www.securityfocus.com/bid/13073