Wednesday, January 20, 2021

Internet Explorer allows reading of files

Aakash Molpariya

A vulnerability in Internet Explorer allows any of a user's files to be read with the help of crafted MHT files. Microsoft does not want to close the zero-day security gap for the time being. Security researcher John Page discovered the vulnerability and has now published it, citing a lack of response from Microsoft. For the time being, Windows users should not open MHT files.

When web pages are saved locally using Internet Explorer, they are saved as MHTML web archives. These MHT files are opened with Internet Explorer by default, even for users who use Edge, Chrome or Firefox for their everyday browsing. Accordingly, it is sufficient for the attack that a user opens an MHT file, even on current installations of Windows 7 or 10 with Internet Explorer 11.

Crafted MHT files can exploit an error in the handling of XML objects, a so-called XXE (XML External Entity) vulnerability. Through this, any file on a Windows system can be read and transferred to a web server.
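A defensive check for the crafted-MHT case described above, added here as an example (it is not code from John Page or Microsoft): it decodes every MIME part of an MHT archive and flags external XML entity declarations, which a plain string search misses when the part is base64-encoded. The function names and the sample archive are constructed for illustration.

```python
import base64
import email
import re
from email import policy

# <!ENTITY name SYSTEM "..."> or <!ENTITY % name PUBLIC "..." "...">
EXTERNAL_ENTITY = re.compile(r"<!ENTITY\s+(?:%\s+)?[\w.:-]+\s+(SYSTEM|PUBLIC)\b", re.I)

def scan_mht(raw: bytes):
    """Return (leaf_part_index, content_type, keyword) for each external
    entity declaration found in the decoded body of any MIME part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    findings = []
    for index, part in enumerate(leaves):
        data = part.get_payload(decode=True) or b""  # undoes base64 / quoted-printable
        charset = part.get_content_charset() or "utf-8"
        try:
            text = data.decode(charset, errors="replace")
        except LookupError:  # unknown charset label in the archive
            text = data.decode("latin-1")
        for match in EXTERNAL_ENTITY.finditer(text):
            findings.append((index, part.get_content_type(), match.group(1).upper()))
    return findings

def build_sample() -> bytes:
    """Constructed sample archive: a benign HTML part plus a base64 XML part
    that declares an external entity pointing at a placeholder host."""
    xml = (b'<?xml version="1.0"?>\n<!DOCTYPE r [\n'
           b'  <!ENTITY ext SYSTEM "http://example.invalid/x">\n]>\n<r>&ext;</r>\n')
    return (
        b'MIME-Version: 1.0\n'
        b'Content-Type: multipart/related; boundary="b1"\n\n'
        b'--b1\nContent-Type: text/html; charset="utf-8"\n\n'
        b'<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "xhtml1-strict.dtd">\n'
        b'<html><body>saved page</body></html>\n'
        b'--b1\nContent-Type: text/xml; charset="utf-8"\n'
        b'Content-Transfer-Encoding: base64\n\n'
        + base64.b64encode(xml) + b'\n--b1--\n'
    )

if __name__ == "__main__":
    for finding in scan_mht(build_sample()):
        print("external entity declaration:", finding)
```

The ordinary XHTML `DOCTYPE ... PUBLIC` line in the first part is not reported; only `<!ENTITY` declarations with an external identifier are.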

Microsoft does not want to solve the problem for the time being

According to his own account, the security researcher discovered the vulnerability in March and reported it to Microsoft. On April 10, Microsoft sent him the following statement: “We have decided to close the vulnerability in a future release of the product or service, at which time we will not release any ongoing updates on the status of the fix. We have closed this case.” As a result, Page decided to publish the vulnerability along with a proof of concept.
