Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC

Advisory ID: ZSL-2008-4897
Type: Local/Remote
Impact: DoS
Risk: (4/5)
Release Date: 11.09.2008
Summary
Maxthon Browser is a powerful tabbed browser built for all users. Besides basic browsing functionality, Maxthon Browser provides a rich set of features to improve your surfing experience.
Description
Maxthon Browser is prone to a denial-of-service vulnerability. An attacker may exploit this issue by enticing victims into opening a maliciously crafted webpage. Successfully exploiting this issue will allow the attacker to crash the application, denying service to legitimate users.
Vendor
Maxthon International Ltd - http://www.maxthon.com
Affected Version
2.1.4.443 UNICODE
Tested On
Microsoft Windows XP Professional SP2 (English)
Vendor Status
N/A
PoC
maxthon_dos.html
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.milw0rm.com/exploits/6434
[2] http://www.packetstormsecurity.org/filedesc/maxthon-dos.txt.html
[3] http://www.securityfocus.com/bid/31098
Changelog
[11.09.2008] - Initial release
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk