6.5 C
New York
Sunday, October 17, 2021

Internet Explorer allows reading of files

Must Read

Escaped child serial killer who drank blood of boys was hunted down by villagers

An escaped self-confessed child serial killer who drank the blood of boys he killed was tracked down...

Teen girls start developing tics shortly after watching TikTok videos of people displaying tics – doctors warn

Since the beginning of the pandemic, teenage girls all around the world have been showing up at...

Some drugs having anti-inflammatory may prevent the worst effects of COVID-19 infection – says study

Covid Vaccines have been shown to reduce COVID-19-related hospitalizations and deaths. However, the scientific community continues to...
Aakash Molpariya
Aakash started in Nov 2018 as a writer at Revyuh.com. Since joining, as writer, he is mainly responsible for Software, Science, programming, system administration and the Technology ecosystem, but due to his versatility he is used for everything possible. He writes about topics ranging from AI to hardware to games, stands in front of and behind the camera, creates creative product images and much more. He is a trained IT systems engineer and has studied computer science. By the way, he is enthusiastic about his own small projects in game development, hardware-handicraft, digital art, gaming and music. Email: aakash (at) revyuh (dot) com

About a vulnerability in Internet Explorer can be read with the help of prepared MHT files any files of a user. Microsoft does not want to close the zero-day security gap for the time being. Security researcher John Page had discovered the vulnerability and has now published a lack of response from Microsoft. For the time being, Windows users should not open MHT files.

If Web pages are saved locally using Internet Explorer, they are saved as MHTML web archives. These MHT files are opened by default with Internet Explorer, even for users who use Edge, Chrome or Firefox in their Surprise tag. Accordingly, it is sufficient for the attack when a user opens an MHT file – even in current Windows installations with Windows 7 or 10 with Internet Explorer 11.

With prepared MHT files, an error in the handling of XML objects can be exploited, a so-called XXE-gap (XML External Entity). Through this, any files of a Windows system can be read and transferred to a web server.

Microsoft does not want to solve the problem for the time being

The security researchers had the gap according to own data already discovered in March and reported to Microsoft. On April 10, Microsoft sent him the following statement: “We have decided to close the vulnerability in a future release of the product or service, at which time we will not release any ongoing updates on the status of the fix.” We have this case closed.” As a result, Page decided to publish the vulnerability along with proof-of-concept.

- Advertisement -
- Advertisement -

Latest News

- Advertisement -

More Articles Like This

- Advertisement -