Информационная безопасность
[RU] switch to English


Дополнительная информация

  Многочисленные уязвимости безопасности в браузерах Maxthon и Avant

From:Roberto Suggi Liverani <malerischnet_(at)_gmail.com>
Date:12 декабря 2012 г.
Subject:Multiple critical vulnerabilities in Maxthon and Avant browsers



Hi,

Below you can find a short summary of discovered vulnerabilities in
Maxthon and Avant browsers.
Such vulnerabilities were demonstrated during HITBAMS2012 security
conference and more recently at HackPra.

Affected Products

- Maxthon (www.maxthon.com)
- Avant Browser (www.avantbrowser.com)

Security advisories

- [advisory] Maxthon multiple vulnerabilities:
http://www.security-assessment.com/files/documents/advisory/Maxthon_multiple_vuln
erabilities_advisory.pdf

- [advisory] Avant multiple vulnerabilities:
http://www.security-assessment.com/files/documents/advisory/Avant_multiple_vulner
abilities_advisory.pdf


Individual security advisories, exploit modules and video links can be
found below.

[1] Maxthon - Cross Context Scripting - about: history - Remote Code Execution

[advisory] http://blog.malerisch.net/2012/12/maxthon-cross-context-scripting-xcs-about-histo
ry-rce.html

[metasploit module]
https://github.com/malerisch/metasploit-
framework/blob/maxthon3/modules/exploits/windows/browser/maxthon_history_xcs.rb
[demo] http://www.youtube.com/watch?v=d-55asVLqNI


[2] Maxthon - Cross Context Scripting (XCS) - RSS - Remote Code Execution

[advisory] http://blog.malerisch.net/2012/12/maxthon-cross-context-scripting-xcs-rss-rce.htm
l

[metasploit module]
https://github.com/malerisch/metasploit-
framework/blob/maxthon3/modules/exploits/windows/browser/maxthon_rss_xcs.rb
[demo] http://www.youtube.com/watch?v=d-55asVLqNI


[3] Maxthon - Privileged APIs on i.maxthon.com

[advisory] http://blog.malerisch.net/2012/12/maxthon-privileged-api-imaxthoncom.html
[demo] http://www.youtube.com/watch?v=1IqZBS0O2Hs


[4] Maxthon - Cross Context Scripting (XCS) - Bookmark Toolbar and
Bookmark Sidebar - Code Execution

[advisory] http://blog.malerisch.net/2012/12/maxthon-cross-context-scripting-xcs-bookmark.ht
ml

[demo] http://www.youtube.com/watch?v=YR0RQz45t3M


[5] Maxthon - Incorrect Executable File Handling and Same Origin
Policy Implementation

[advisory] http://blog.malerisch.net/2012/12/maxthon-incorrect-executable-file-sop.html


[6] Avant Browser - Same of Origin Policy Bypass - browser:home

[advisory] http://blog.malerisch.net/2012/12/avant-browser-same-of-origin-policy.html
[BeEF module] https://github.
com/malerisch/beef/tree/avant_browser/modules/exploits/avant_steal_history
[demo] http://www.youtube.com/watch?v=I4LiSfTmuM0


[7] Avant Browser - Stored Cross Site Scripting - Feed Reader
(browser://localhost/lst?*)

[advisory] http://blog.malerisch.net/2012/12/avant-browser-stored-cross-site-scripting.html

[demo] http://www.youtube.com/watch?v=-mShxsspxy8


[8] Avant Browser - Cross Context Scripting - browser:home - Most
Visited And History Tabs

[advisory] http://blog.malerisch.net/2012/12/avant-browser-cross-context-scripting.html
[demo] http://www.youtube.com/watch?v=cHHtsOpYGH4

References

[presentation] HITBAMS2012 - Window Shopping: Browser Bugs Hunting in
2012 - http://www.security-assessment.com/files/documents/presentations/window_shopping_
browser_bug_hunting_in_2012_roberto_suggi_liverani_scott_bell.pdf

[presentation] HackPra - Cross Context Scripting attacks &
exploitation - http://www.slideshare.net/robertosl81/cross-context-scripting-attacks-exploitatio
n


Any further material, comments or updates will be communicated over
Twitter, at https://twitter.com/malerisch

Roberto Suggi Liverani

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород