A security researcher has discovered a critical exploit in Microsoft's Internet Explorer browser that could let hackers steal files from your system. What's worse, even if you no longer use the archaic web browser, you could still fall prey to the attack. Security researcher John Page published proof-of-concept code detailing how the flaw could be carried out.
Scroll down for video A critical exploit in Microsoft's Internet Explorer could let hackers steal files from your system. Even if you no longer use the archaic web browser, you could still fall prey to the attack 'Internet Explorer is vulnerable to XML External Entity attack if a user opens a specially crafted .
MHT file locally,' Page explained. 'This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information.'Just 7 percent of Windows users continue to use Internet Explorer, however, over 1 billion computers run Windows 7 or Windows 10 and have the browser installed on their machine, Forbes noted.
RELATED ARTICLES Previous 1 Next 'Proof' of life on Mars: Meteorite from the red planet... CGI influencer Lil Miquela makes her Coachella debut:... Stone Age megalith tombs were mass graves of up to TEN... Why we have nightmares: Scientists reveal higher activity in... Share this article Share This means that while only a fraction of users are still on Internet Explorer, the threat is actually much larger, given the way the security flaw operates.
The flaw relies on '.MHT' files, which is a file type used for web pages that are saved on Internet Explorer.For example, when a user saves a webpage, either manually or by typing CRTL and the 'S' key, it saves in .MHT format. Just 7 percent of Windows users continue to use Internet Explorer, however, over 1 billion computers run Windows 7 or Windows 10 and have the browser installed on their machineAll users need to do is open the malicious .
MHT file on their device and it should launch Internet Explorer. Modern browsers save webpages in .HTML format, so opening a .MHT file triggers Internet Explorer automatically. 'Afterwards, user interactions like duplicate tab "Ctrl+K" and other interactions like right click "Print Preview" or "Print" commands on the web-page may also trigger the XXE vulnerability,' Page continued.
.Microsoft was notified of the flaw last month, but chose not to issue an urgent patch for it, adding that it will release a.....