Lucene search

[email protected]CVE-2008-3667

HistoryAug 13, 2008 - 6:41 p.m.

CVE-2008-3667

2008-08-1318:41:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-3667

maxthon browser

buffer overflow

remote code execution

content-type http header

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.676 Medium

EPSS

Percentile

98.0%

JSON

Stack-based buffer overflow in Maxthon Browser 2.0 and earlier allows remote attackers to execute arbitrary code via a long Content-type HTTP header.

Affected configurations

NVD

Node

maxthonmaxthon_browserRange≤2.0

maxthonmaxthon_browserMatch1.1.39

maxthonmaxthon_browserMatch1.2

maxthonmaxthon_browserMatch1.2.1

maxthonmaxthon_browserMatch1.6.3.80

CPENameOperatorVersion
maxthon:maxthon_browsermaxthon maxthon browserle2.0
maxthon:maxthon_browsermaxthon maxthon browsereq1.1.39
maxthon:maxthon_browsermaxthon maxthon browsereq1.2
maxthon:maxthon_browsermaxthon maxthon browsereq1.2.1
maxthon:maxthon_browsermaxthon maxthon browsereq1.6.3.80

CPE	Name	Operator	Version
maxthon:maxthon_browser	maxthon maxthon browser	le	2.0
maxthon:maxthon_browser	maxthon maxthon browser	eq	1.1.39
maxthon:maxthon_browser	maxthon maxthon browser	eq	1.2
maxthon:maxthon_browser	maxthon maxthon browser	eq	1.2.1
maxthon:maxthon_browser	maxthon maxthon browser	eq	1.6.3.80

References

downloads.securityfocus.com/vulnerabilities/exploits/30617-poc.pl

www.securityfocus.com/bid/30617

exchange.xforce.ibmcloud.com/vulnerabilities/44381

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.676 Medium

EPSS

Percentile

98.0%

JSON

Related for CVE-2008-3667

prion1 cvelist1 nvd1 kaspersky1