6.5 C
New York
Wednesday, June 23, 2021

Internet Explorer allows reading of files

Must Read

Aakash Molpariya
Aakash started in Nov 2018 as a writer at Revyuh.com. Since joining, as writer, he is mainly responsible for Software, Science, programming, system administration and the Technology ecosystem, but due to his versatility he is used for everything possible. He writes about topics ranging from AI to hardware to games, stands in front of and behind the camera, creates creative product images and much more. He is a trained IT systems engineer and has studied computer science. By the way, he is enthusiastic about his own small projects in game development, hardware-handicraft, digital art, gaming and music. Email: aakash (at) revyuh (dot) com

About a vulnerability in Internet Explorer can be read with the help of prepared MHT files any files of a user. Microsoft does not want to close the zero-day security gap for the time being. Security researcher John Page had discovered the vulnerability and has now published a lack of response from Microsoft. For the time being, Windows users should not open MHT files.

If Web pages are saved locally using Internet Explorer, they are saved as MHTML web archives. These MHT files are opened by default with Internet Explorer, even for users who use Edge, Chrome or Firefox in their Surprise tag. Accordingly, it is sufficient for the attack when a user opens an MHT file – even in current Windows installations with Windows 7 or 10 with Internet Explorer 11.

With prepared MHT files, an error in the handling of XML objects can be exploited, a so-called XXE-gap (XML External Entity). Through this, any files of a Windows system can be read and transferred to a web server.

Microsoft does not want to solve the problem for the time being

The security researchers had the gap according to own data already discovered in March and reported to Microsoft. On April 10, Microsoft sent him the following statement: “We have decided to close the vulnerability in a future release of the product or service, at which time we will not release any ongoing updates on the status of the fix.” We have this case closed.” As a result, Page decided to publish the vulnerability along with proof-of-concept.

- Advertisement -
- Advertisement -

Latest News

Coffee lowers the risk of liver disease by up to 49%: scientists voice unexpected findings

Drinking 3 or 4 cups of coffee a day decreases the likelihood of developing liver disease and the number...
- Advertisement -

More Articles Like This

- Advertisement -