6.5 C
New York
Wednesday, August 17, 2022

Internet Explorer allows reading of files

Must Read

What Fills Earth’s Oceans With Life-supporting Oxygen? – New Scientific Theory

What drives Ocean Oxygenation? Is it driven by atmospheric oxygen levels or something else?

As Much As 56% Of People Will Never Know They Were Ever Infected With Omicron, Finds New Study

"More than one in every two people who were infected with Omicron didn't know they had it,"...

Researchers Reveal Surprising Secrets Of One Of Our Oldest Ancestors

For paleobiologists, it's one step forward and one step back. A large, international team...
Aakash Molpariya
Aakash started in Nov 2018 as a writer at Revyuh.com. Since joining, as writer, he is mainly responsible for Software, Science, programming, system administration and the Technology ecosystem, but due to his versatility he is used for everything possible. He writes about topics ranging from AI to hardware to games, stands in front of and behind the camera, creates creative product images and much more. He is a trained IT systems engineer and has studied computer science. By the way, he is enthusiastic about his own small projects in game development, hardware-handicraft, digital art, gaming and music. Email: aakash (at) revyuh (dot) com

About a vulnerability in Internet Explorer can be read with the help of prepared MHT files any files of a user. Microsoft does not want to close the zero-day security gap for the time being. Security researcher John Page had discovered the vulnerability and has now published a lack of response from Microsoft. For the time being, Windows users should not open MHT files.

If Web pages are saved locally using Internet Explorer, they are saved as MHTML web archives. These MHT files are opened by default with Internet Explorer, even for users who use Edge, Chrome or Firefox in their Surprise tag. Accordingly, it is sufficient for the attack when a user opens an MHT file – even in current Windows installations with Windows 7 or 10 with Internet Explorer 11.

With prepared MHT files, an error in the handling of XML objects can be exploited, a so-called XXE-gap (XML External Entity). Through this, any files of a Windows system can be read and transferred to a web server.

Microsoft does not want to solve the problem for the time being

The security researchers had the gap according to own data already discovered in March and reported to Microsoft. On April 10, Microsoft sent him the following statement: “We have decided to close the vulnerability in a future release of the product or service, at which time we will not release any ongoing updates on the status of the fix.” We have this case closed.” As a result, Page decided to publish the vulnerability along with proof-of-concept.

- Advertisement -
- Advertisement -

Latest News

- Advertisement -

More Articles Like This

- Advertisement -