CVE-2019-16647
HIGH EXPLOITED IN THE WILD RANSOMWAREMaxthon <5.2.7 - Privilege Escalation
Title source: llmExploitation Summary
CVE-2019-16647 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io), including in ransomware campaigns.
Description
Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
http://forum.maxthon.com/index.php?/topic/24472-unquoted-search-path-and-potential-abuses/
Exploit, Third Party Advisory x_refsource_misc
https://safebreach.com/Post/Maxthon-Browser-for-Windows-Unquoted-Search-Path-and-Potential-Abuses-CVE-2019-16647
Scores
CVSS v3
7.2
EPSS
0.0196
EPSS Percentile
77.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2022-01-26
InTheWild.io
2022-02-01
Ransomware Use
Confirmed
CWE
CWE-428
Status
published
Products (1)
maxthon/maxthon_browser
5.1.0 - 5.2.7
Published
Oct 29, 2019
Tracked Since
Feb 18, 2026