Maxthon Browser contains a flaw that allows a remote attacker to read from and write to files outside of the plug-in's directory. The issue is due to the readFile() and writeFile() API functions not properly sanitizing user input, specifically directory traversal sequences (../../), resulting in a loss of confidentiality and integrity.
Upgrade to version 1.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Discovery of this issue is credited to "Aviv Raff" <email@example.com>.
Maxthon Maxthon 1.2.1
Maxthon Maxthon 1.2
It is reported that the Maxthon Web browser Plug-ins employ 'readFile()' and 'writeFile()' API calls to access files in the Plug-in installation directory. However, reports indicate that it is possible to invoke these API calls to read and write arbitrary files by supplying directory traversal sequences in the path to a target file.
A remote attacker may exploit this issue to read and write files on a target computer with the privileges of a user that is running the vulnerable Web browser.
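The missing containment check can be sketched as follows. This is an added example, not Maxthon's code or the vendor's fix; the helper name `resolveInPluginDir`, the install path and the sample file names are assumptions made for illustration.

```javascript
const path = require('path');
const win = path.win32; // apply Windows path rules regardless of host OS

// Hypothetical helper: map a plug-in supplied file name to an absolute path
// inside pluginDir, or return null if it would land anywhere else.
function resolveInPluginDir(pluginDir, requested) {
  if (typeof requested !== 'string' || requested.length === 0) return null;
  // NUL bytes and ':' (drive letters, alternate data streams) never belong
  // in a plug-in relative file name.
  if (/[\0:]/.test(requested)) return null;
  // Rooted paths such as \Windows\win.ini or \\host\share\x
  if (win.isAbsolute(requested)) return null;

  const base = win.resolve(pluginDir);
  // resolve() accepts both '/' and '\' separators and collapses '..'
  const target = win.resolve(base, requested);

  // Compare on a directory boundary, case-insensitively, so a sibling such
  // as ...\SampleEvil is not accepted as being inside ...\Sample, while a
  // file literally named '..config' is still allowed.
  const rel = win.relative(base.toLowerCase(), target.toLowerCase());
  if (rel === '' || rel === '..' || rel.startsWith('..' + win.sep) ||
      win.isAbsolute(rel)) {
    return null;
  }
  return target;
}

// Constructed sample requests; PLUGIN_DIR is an assumed install location.
const PLUGIN_DIR = 'C:\\Browser\\Plugin\\Sample';
const samples = [
  'data\\settings.ini', 'data/../notes.txt', '..config',
  '../../../../boot.ini', '..\\SampleEvil\\x.txt',
  'C:\\boot.ini', '\\\\host\\share\\x',
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', resolveInPluginDir(PLUGIN_DIR, s));
}
```

The check is lexical only: it does not follow junctions or symbolic links that already exist inside the plug-in directory, which would need a real-path comparison at open time.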
A proof of concept is available at the following location:
It is reported that this vulnerability is addressed in Maxthon version 1.2.2. This is not confirmed. Customers are advised to contact the vendor for further information on obtaining and applying an appropriate fix.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org.