By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

A security researcher has published today details and proof-of-concept code for an Internet Explorer zero-day that can allow hackers to steal files from Windows systems. The vulnerability resides in the way Internet Explorer processes MHT files. MHT stands for MHTML Web Archive and is the default standard in which all IE browsers save web pages when a user hits the CTRL S (Save web page) command. Modern browsers don't save web pages in MHT format anymore, and use the standard HTML file format; however, many modern browsers still support processing the format. Today, security researcher John Page published details about an XXE (XML eXternal Entity) vulnerability in IE that can be exploited when a user opens an MHT file. "This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information," Page said. "Example, a request for 'c:Python27NEWS.txt' can return version information for that program." Because on Windows all MHT files are automatically set to open by default in Internet Explorer, exploiting this vulnerability is trivial, as users only need to double-click on a file they received via email, instant messaging, or another vector. Page said the actual vulnerable code relies on how Internet Explorer deals with CTRL K (duplicate tab), "Print Preview," or "Print" user commands. But, as Windows uses IE as the default app to open MHT files, users don't necessarily have to have IE set as their default browser, and are still vulnerable as long as IE is still present on their systems, and they're tricked into opening an MHT file. This vulnerability should not be taken lightly, despite Microsoft's response. Read the complete story on OUR FORUM.

 

Translate