A security researcher has discovered a Vulnerability in Internet Explorer 11 for which there is no patch. The vulnerability relates to the way IE handles mht files. IE 11 is the default browser that opens these files.
Security researcher John Page developed an exploit for vulnerability. He successfully tested it on Internet Explorer 11 on currently updated Windows 7, Windows 10, and Windows Server 2012 R2 installations.
This is a so-called XML External Entity attack, which only requires a Windows user to be tempted to open a specially crafted mht file. Optionally, an attacker could disable IE’s warning when initializing ActiveX objects. Mht files are MHTML Web Archive, a format for archiving web pages. Whereas most browsers now save pages as html files, Internet Explorer does that by default in mht, writes ZDNet .
Internet Explorer is also the default browser that opens these types of files. Even if a Windows user has set another browser as the default and never uses IE, this Microsoft browser will open with the described attack. According to Page, this will potentially allow an attacker to hide local files and investigate versions of programs that the user has installed. The latter can make it possible to access the system through other vulnerabilities if the user is running old vulnerable versions of software.
Microsoft has assessed that the impact is low and the company will consider closing the leak sometime in the future. Page informed Microsoft on March 27 about the leak and after receiving the answer decided to publish about it.Viewing:-12
This post first appeared on Need Help Ask Us Now Most Important Technology New, please read the originial post: here