And if someone were to send you a malicious .MHT file (perhaps disguised as a download link or an email attachment), Internet Explorer would be the default application to open it.
"Typically, when instantiating ActiveX Objects [...] users will get a security warning bar in IE and be prompted to activate blocked content.
However, when opening a specially crafted .MHT file using malicious markup tags the user will get no such active content or security bar warnings."
Page says the reason he publicly disclosed this exploit -- and the accompanying code to pull it off -- is because Microsoft acknowledged the Threat but refused to treat it as an urgent matter.
Between Windows Updates , supply chain attacks and malware spreading via popular file-sharing websites, you already have enough to worry about.
- Internet Explorer on PCs threat to users: ReportLivemint
- This Microsoft tool is a threat to your PC, claims reportGadgets Now
- Microsoft will get around to fixing Internet Explorer exploit eventuallyNAG
- This Internet Explorer exploit could let hackers steal your dataPocket-lint.com
- Internet Explorer continues to threaten PC users with 0-day exploitSlashGear
- Internet Explorer zero-day lets hackers can steal your files even if you don't use itThe INQUIRER
- Internet Explorer lets Hackers To Steal Data even if you use Chrome or FirefoxThe Indian Wire
- Internet Explorer might be exposing you to hackers – even if you don't actually use itTrustedReviews
- Hackers Can Access Your Data Via Internet Explorer, Even If You Never Use ItMashable India
- Internet Explorer zero-day lets hackers steal files from Windows PCsZDNet
- Microsoft Internet Explorer v11 XML External Entity Injection 0day - hyp3rlinx - Altervistahyp3rlinx - Altervista