Security researcher John Page has published details and a proof-of-concept about a zero-day in Internet Explorer. With the error, hackers can steal files from Windows systems.
The vulnerability lies in the way Internet Explorer processes MHT files, writes ZDNet. MHT stands for MHTML Web Archive and is the default by which all Internet Explorer browsers store web pages when the user presses CTRL+S. Modern browsers no longer store pages in MHT, but many still support the format.
Operation
The vulnerability John Page publishes about is a XXE vulnerability that can be exploited when a user opens an MHT file. “This can enable remote attackers to collect local files and perform remote reconnaissance on locally installed Program version information,” says Page.
Because all MHT files on Windows are opened by default in Internet Explorer, exploiting the vulnerability is easy. All users have to do is double-click on a file they’ve received via email, a chat app or any other medium.
The actual vulnerable code revolves around how the browser handles CTRL+K (duplicate tab), ‘Print Preview’ and users’ ‘Print’ commands. Normally this requires some user interaction, but according to Page the interaction can be automated. In addition, the browser’s security alarm system can be disabled.
Microsoft response
Page states that he notified Microsoft of the vulnerability on March 27, but that the company refused to consider the bug for a quick fix. “We have decided that a solution to this problem is being considered for a future version of this product or service”, said Microsoft on April 10 in a mail, suggests Page. “At the moment, we do not provide continuous updates on the status of the solution to this problem, and have closed the case.”
After that reaction, the researcher shared details about the vulnerability, together with proof-of-concept code.
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.