Internet Explorer (IE) zero-day lets hackers steal files from the windows system and the detailed report along with proof-of-concept code have been published by a security researcher to prove this.
The vulnerabilities are identified in the manner the MHT files are processed by the Internet Explorer. MHT is short for MHTML Web Archive. It is a default standard through which IE browser can save the web pages by hitting the CTRL+S. Whereas, the latest web browsers save the web pages in standard HTML file format instead of MHT format but some of them still support this format.
John Page, a security researcher has found the XML External Entity (XXE) vulnerability, in IE which can easily be exploited whenever an MHT file is opened by a user. According to him through this hackers will be able to extract Local files, can also scan through the information of locally installed program versions. Like version information of the program can be extracted when a request for c:\Python27\NEWS.tx is sent.
It is insignificant to exploit this vulnerability as the MHT files on Windows is by default set to be opened in Internet Explorer whenever a user double-click on the link that he might receive through email, message or any other source.
The real concern is the way the Internet Explorer deals when a duplicate tab is opened, Print Preview or Print commands are given. There is usually a little user interaction here which can be automated, as it is not necessarily required to further activate the vulnerability exploit chain. Rather a JavaScript function window.print() is enough instead of the interaction of the user with the webpage.
There is also another option, to disable the security alert system of Internet Explorer.
Users are normally warned through a security bar in IE, suggested to activate the blocked content whenever an ActiveX Objects as Microsoft.XMLHTTP is instantiated, mentioned the researcher. However, there will be no warning bar or any such prompting when especially crafted.MHT file is opened which has malicious <xml> mark-up tags.
The exploits were tested successfully by the researcher in the latest Internet Explorer browser which has the security patches, using Windows 7, Windows 10, and Windows Server 2012 R2 systems.
Internet Explorer was once dominating the market of the browser but is now limited to only 7.34 percent of the users, reveals the NetMarketShare data. Windows has IE as a default app to open MHT files, but users can change this option. Still, as long as IE is there on the systems, users can be tricked to open MHT files into it.
Microsoft was informed by Page about this vulnerability in response to which the company said this fix is not on the priority list yet. In their message, Microsoft mentioned that this issue will be considered in the next update of the product but the company cannot currently, provide an update on this and that this case is closed.
MHT file exploitations have already been used by cybercriminals for spreading malware and spear-phishing as these files are a common way to send and receive exploits to user’s systems. Thus this vulnerability should not be taken lightly.
MHT files are known for storing codes and should be scanned before opening.
Photo: Geekgiant / Flickr
Read next: Office 365 Security Unable to Detect a Large Number of Phishing Emails, Says Report
The vulnerabilities are identified in the manner the MHT files are processed by the Internet Explorer. MHT is short for MHTML Web Archive. It is a default standard through which IE browser can save the web pages by hitting the CTRL+S. Whereas, the latest web browsers save the web pages in standard HTML file format instead of MHT format but some of them still support this format.
John Page, a security researcher has found the XML External Entity (XXE) vulnerability, in IE which can easily be exploited whenever an MHT file is opened by a user. According to him through this hackers will be able to extract Local files, can also scan through the information of locally installed program versions. Like version information of the program can be extracted when a request for c:\Python27\NEWS.tx is sent.
It is insignificant to exploit this vulnerability as the MHT files on Windows is by default set to be opened in Internet Explorer whenever a user double-click on the link that he might receive through email, message or any other source.
The real concern is the way the Internet Explorer deals when a duplicate tab is opened, Print Preview or Print commands are given. There is usually a little user interaction here which can be automated, as it is not necessarily required to further activate the vulnerability exploit chain. Rather a JavaScript function window.print() is enough instead of the interaction of the user with the webpage.
There is also another option, to disable the security alert system of Internet Explorer.
Users are normally warned through a security bar in IE, suggested to activate the blocked content whenever an ActiveX Objects as Microsoft.XMLHTTP is instantiated, mentioned the researcher. However, there will be no warning bar or any such prompting when especially crafted.MHT file is opened which has malicious <xml> mark-up tags.
The exploits were tested successfully by the researcher in the latest Internet Explorer browser which has the security patches, using Windows 7, Windows 10, and Windows Server 2012 R2 systems.
Internet Explorer was once dominating the market of the browser but is now limited to only 7.34 percent of the users, reveals the NetMarketShare data. Windows has IE as a default app to open MHT files, but users can change this option. Still, as long as IE is there on the systems, users can be tricked to open MHT files into it.
Microsoft was informed by Page about this vulnerability in response to which the company said this fix is not on the priority list yet. In their message, Microsoft mentioned that this issue will be considered in the next update of the product but the company cannot currently, provide an update on this and that this case is closed.
MHT file exploitations have already been used by cybercriminals for spreading malware and spear-phishing as these files are a common way to send and receive exploits to user’s systems. Thus this vulnerability should not be taken lightly.
MHT files are known for storing codes and should be scanned before opening.
Photo: Geekgiant / Flickr
Read next: Office 365 Security Unable to Detect a Large Number of Phishing Emails, Says Report
