CVE-2019-16647
published 2019-10-29CVE-2019-16647: Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows.
PriorityP181high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
ITWVulnCheck KEVRansomware
Exploited in the wild
EPSS
1.96%
77.8th percentile
Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| maxthon | maxthon_browser | 5.1.0 – 5.2.7 | — |
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
vulncheck7.2HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8pp9-95mf-4fhv: Unquoted Search Path in Maxthon 5
ghsa_unreviewed·2022-05-24
CVE-2019-16647 [HIGH] CWE-428 GHSA-8pp9-95mf-4fhv: Unquoted Search Path in Maxthon 5
Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows.
VulnCheck
maxthon maxthon_browser Unquoted Search Path or Element
vulncheck·2019·CVSS 7.2
CVE-2019-16647 [HIGH] maxthon maxthon_browser Unquoted Search Path or Element
maxthon maxthon_browser Unquoted Search Path or Element
Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows.
Affected: maxthon maxthon_browser
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://cybersecurityworks.com/howdymanage/uploads/file/ransomware-_-2022-spotlight-report_compressed.pdf; https://www.ivanti.com/resources/v/doc/pr-survey-report/ransomware-quarterly-indexreport_q2-q3; https://info.securin.io/hubfs/Securin%20Ransomware%20Report%202023.pdf; https://4502402.fs1.hubspotusercontent-na1.net/hubfs/4502402/Ransomware%20-%20Index%20Update%20Q1%202023.pdf; https://4502402.fs1.hubspotusercon
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://forum.maxthon.com/index.php?/topic/24472-unquoted-search-path-and-potential-abuses/https://safebreach.com/Post/Maxthon-Browser-for-Windows-Unquoted-Search-Path-and-Potential-Abuses-CVE-2019-16647http://forum.maxthon.com/index.php?/topic/24472-unquoted-search-path-and-potential-abuses/https://safebreach.com/Post/Maxthon-Browser-for-Windows-Unquoted-Search-Path-and-Potential-Abuses-CVE-2019-16647
2019-10-29
Published
Exploited in the wild