CVE-2012-10032

HIGH

Maxthon3 < 3.2.2 build 1000 - Cross-Context Scripting via about:history Page

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-10032. PoCs published by Metasploit, Roberto Suggi Liverani, sinn3r, juan vazquez, including Metasploit module exploits/windows/browser/maxthon_history_xcs.

AI-analyzed exploit summary This Metasploit module exploits a Cross-Context Scripting (XCS) vulnerability in Maxthon 3's about:history page to execute arbitrary commands. It leverages the trusted zone to modify settings and achieve RCE via the Program DOM API.

Description

Maxthon3 version 3.2.2 build 1000 and prior are vulnerable to cross context scripting (XCS) via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScript in a privileged context. This flaw enables modification of browser configuration and execution of arbitrary code through Maxthon’s exposed DOM APIs, including maxthon.program.Program.launch() and maxthon.io.writeDataURL(). Exploitation requires user interaction, typically by visiting a malicious webpage that triggers the injection.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/23225

This Metasploit module exploits a Cross-Context Scripting (XCS) vulnerability in Maxthon 3's about:history page to execute arbitrary commands. It leverages the trusted zone to modify settings and achieve RCE via the Program DOM API.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Maxthon 3 (versions prior to 3.3)
No auth needed
Prerequisites: Victim must be using Maxthon 3 (versions prior to 3.3) · Victim must visit a malicious URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Roberto Suggi Liverani, sinn3r, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/maxthon_history_xcs.rb

This Metasploit module exploits a Cross-Context Scripting (XCS) vulnerability in Maxthon3's about:history page to execute arbitrary commands by injecting malicious JavaScript into a trusted browser zone. It leverages Maxthon's Program DOM API to write and execute a payload on the target system.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Maxthon 3 (versions 3.1.7 build 600 to 3.2.2 build 1000)
No auth needed
Prerequisites: Target must be using a vulnerable version of Maxthon 3 · Target must visit a malicious webpage hosting the exploit
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (6)

Core 6

Scores

CVSS v4 8.7
EPSS 0.7061
EPSS Percentile 98.7%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-79 CWE-94
Status published
Products (1)
Maxthon International Ltd./Maxthon3 Browser 3.1.7 build 600 - 3.2.2 build 1000
Published Aug 05, 2025
Tracked Since Feb 18, 2026