×
3 Tuesday, April 16, 2019 03:10

Internet Explorer hit by exploit that lets hackers steal users' data

A security researcher has discovered a critical exploit in Microsoft's Internet Explorer browser that could let hackers steal files from your system. What's worse, even if you no longer use the archaic web browser, you could still fall prey to the attack. Security researcher John Page published proof-of-concept code detailing how the flaw could be carried out.
 Scroll down for video  A critical exploit in Microsoft's Internet Explorer could let hackers steal files from your system. Even if you no longer use the archaic web browser, you could still fall prey to the attack 'Internet Explorer is vulnerable to XML External Entity attack if a user opens a specially crafted .
MHT file locally,' Page explained. 'This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information.'Just 7 percent of Windows users continue to use Internet Explorer, however, over 1 billion computers run Windows 7 or Windows 10 and have the browser installed on their machine, Forbes noted.
  RELATED ARTICLES Previous 1 Next 'Proof' of life on Mars: Meteorite from the red planet... CGI influencer Lil Miquela makes her Coachella debut:... Stone Age megalith tombs were mass graves of up to TEN... Why we have nightmares: Scientists reveal higher activity in... Share this article Share This means that while only a fraction of users are still on Internet Explorer, the threat is actually much larger, given the way the security flaw operates.
 The flaw relies on '.MHT' files, which is a file type used for web pages that are saved on Internet Explorer.For example, when a user saves a webpage, either manually or by typing CRTL and the 'S' key, it saves in .MHT format.  Just 7 percent of Windows users continue to use Internet Explorer, however, over 1 billion computers run Windows 7 or Windows 10 and have the browser installed on their machineAll users need to do is open the malicious .
MHT file on their device and it should launch Internet Explorer. Modern browsers save webpages in .HTML format, so opening a .MHT file triggers Internet Explorer automatically. 'Afterwards, user interactions like duplicate tab "Ctrl+K" and other interactions like right click "Print Preview" or "Print" commands on the web-page may also trigger the XXE vulnerability,' Page continued.
 'However, a simple call to the window.print() Javascript function should do the trick without requiring any user interaction with the webpage.'Additionally, the exploit works around Internet Explorer's typical security alert system. The flaw was successfully tested on the latest Internet Explorer Browser version, as well as on systems running Windows 7, Windows 10 and Windows Server 2012 R2.
.Microsoft was notified of the flaw last month, but chose not to issue an urgent patch for it, adding that it will release a.....
Full Story

News Code: 110524  |  DailyMail
All news has been gathered by RoboNews Crawler

Related News

Latest Sience news

Sience

Snake-Inspired Robot Slithers Fast

ScienceDaily
.
.
Bad news for ophiophobes: Researchers from the Harvard John A. Paulson School of Engineering and Applied Sciences (SEAS) have developed a new and improved snake-inspired soft robot...
Snake-Inspired Robot Slithers Fast

How Blindness Shapes Sound Processing

ScienceDaily
.
.
Research has shown that people who are born blind or become blind early in life often have a more nuanced sense of hearing, especially when it comes to musical abilities and tracki...
How Blindness Shapes Sound Processing

Defying the Laws of Physics? Bubbles of Sand

ScienceDaily
.
.
The flow of granular materials, such as sand and catalytic particles used in chemical reactors, and enables a wide range of natural phenomena, from mudslides to volcanos, as well a...
Defying the Laws of Physics? Bubbles of Sand

Latest news pictures
  • Why Diversification Matters
  • Demand is so high for 'Avengers: Endgame' that many AMC theaters will open 24 hours a day all weekend
  • Sean Hannity knew about the famous Trump Tower meeting more than a week before it became public, according to the Mueller report
  • Sri Lanka attacks: Authorities face scrutiny over advance warnings
  • Facebook hires top State Department lawyer as general counsel
  • The cost of oil shoots above $65 a barrel as the White House vows to bring Iran exports to zero
  • The Best Competitors to Every First-Party Google App and Service
  • Speed Up Your PC With a 1TB SSD For Just $100
  • China's New Video Game Rules Officially Ban Blood, Corpses, Mahjong, and Poker
  • 8 Unanswered Questions From 'Game Of Thrones' Episode 2: 'A Knight Of The Seven Kingdoms'
  • With Coachella Wrapped, Goldenvoice Heads West to Long Beach for Summer Festival Season
  • How Kelsey Lu Processed a Painful Past Into a Message of Hope on Her Debut Album 'Blood'
  • Kacey Musgraves Adds West Coast Dates to Oh, What A World: Tour II
  • Martin Garrix Teases Collab With Macklemore & Fall Out Boy's Patrick Stump: Listen
  • Ariana Grande's 13 Most Unforgettable Tweets
  • Snake-Inspired Robot Slithers Fast
  • How Blindness Shapes Sound Processing
  • Defying the Laws of Physics? Bubbles of Sand
  • Jamie Carragher lambasts Manchester United display against Everton
  • Episode 35: Jack Johnson/ALO's Zach Gill & Son Volt's Jay Farrar
  • ‘KUWTK: The Most Unforgettable Sibling Fights The...
  • Dell Technologies extends systems integrator agreement with Cisco
  • Linux on DeX now supports the Galaxy S9, Galaxy Tab S5e, and Galaxy Note 8, and hints at upcoming Galaxy Tab S5 support
  • What Black Widow Could Learn From Thanos
  • Big Video Game Sale On Now at Amazon: Kingdom Hearts, RE2 and More
  • Bad News for Spotify? Amazon Launches Free Music Streaming Service
  • REI has a little-known section of its website that sells gently used gear and clothes for up to 70% off — here's how it works
  • A $2,000 bridal get-up, $100 of body glitter, and $30 thrift store discoveries: We asked 11 people how much their Coachella outfits cost, and here's what they told us
  • Here's exactly why experts recommend one type of life insurance over the other
  • Barcelona boss Ernesto Valverde reveals La Liga demand before Liverpool clash
  • Qatar opens Gaza artificial limb and rehab centre
  • 'Just their shoes': Sri Lanka struggles to identify the dead
  • Your Corpse Is Likely Getting All Kinds of Fun New Options in Washington State
  • Blind People Really Do Have More Sensitive Hearing, MRI Study Finds
  • Meghan McCain's Explosive Feud with Joy Behar Continues on 'The View', Whoopi Goldberg Cuts to Commercial
  • Polyphonic Spree Announce #CareForTheCaravan Benefit for Migrants
  • Jamie Carragher lambastes Manchester United display against Everton
  • ‘Avengers: Endgame’: Why Fans Will Feel...
  • These Are the Rarest Animals in the World
  • Who Will Meet Prince Harry and Meghan Markle’s Baby First?