Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
Internet Explorer zero-day lets hackers steal files from Windows PCs
Source: ZDNet
Internet Explorer zero-day lets hackers steal files from Windows PCs
Microsoft refused to patch issue so security researcher released exploit code online.
By Catalin Cimpanu for Zero Day | April 12, 2019 -- 08:48 GMT (01:48 PDT) | Topic: Security
A security researcher has published today details and proof-of-concept code for an Internet Explorer zero-day that can allow hackers to steal files from Windows systems.
The vulnerability resides in the way Internet Explorer processes MHT files. MHT stands for MHTML Web Archive and is the default standard in which all IE browsers save web pages when a user hits the CTRL+S (Save web page) command.
Modern browsers don't save web pages in MHT format anymore, and use the standard HTML file format; however, many modern browsers still support processing the format.
-snip-
Because on Windows all MHT files are automatically set to open by default in Internet Explorer, exploiting this vulnerability is trivial, as users only need to double-click on a file they received via email, instant messaging, or another vector.
-snip-
But, as Windows uses IE as the default app to open MHT files, users don't necessarily have to have IE set as their default browser, and are still vulnerable as long as IE is still present on their systems, and they're tricked into opening an MHT file.
-snip-
Microsoft refused to patch issue so security researcher released exploit code online.
By Catalin Cimpanu for Zero Day | April 12, 2019 -- 08:48 GMT (01:48 PDT) | Topic: Security
A security researcher has published today details and proof-of-concept code for an Internet Explorer zero-day that can allow hackers to steal files from Windows systems.
The vulnerability resides in the way Internet Explorer processes MHT files. MHT stands for MHTML Web Archive and is the default standard in which all IE browsers save web pages when a user hits the CTRL+S (Save web page) command.
Modern browsers don't save web pages in MHT format anymore, and use the standard HTML file format; however, many modern browsers still support processing the format.
-snip-
Because on Windows all MHT files are automatically set to open by default in Internet Explorer, exploiting this vulnerability is trivial, as users only need to double-click on a file they received via email, instant messaging, or another vector.
-snip-
But, as Windows uses IE as the default app to open MHT files, users don't necessarily have to have IE set as their default browser, and are still vulnerable as long as IE is still present on their systems, and they're tricked into opening an MHT file.
-snip-
Read more: https://www.zdnet.com/article/internet-explorer-zero-day-lets-hackers-steal-files-from-windows-pcs/
