New Internet Explorer zero-day vulnerability would allow local file theft

Internet Explorer is not exactly the most popular browser, and this new security incident definitely won’t help. According to cyber forensics course specialists from the International Institute of Cyber Security (IICS), a new zero-day vulnerability has been discovered in this browser that makes Windows computers vulnerable to file theft attacks.

According to the reports, the vulnerability lies in Internet Explorer's handling of MHT files, the format it uses when a user saves a webpage, and it is triggered when an MHT file is opened. “Internet Explorer is vulnerable to an XML External Entity attack if a user opens a specially designed MHT file. This drawback would allow an attacker to extract local files and perform a remote reconnaissance of the program version installed on the compromised machine. For example, sending a c:\Python27\NEWS.txt request might return the version information of that program as a response”.

According to the cyber forensics course experts, a computer is still vulnerable to this attack even if Internet Explorer is not its default browser. The only requirements are that the program is installed on the computer and that the user opens an MHT file, because Windows uses Internet Explorer to open MHT files by default.
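As a defensive illustration of the condition described above, the following added example (not part of the original report or the researchers' code) scans an MHT file for external entity declarations before anyone opens it. It assumes the crafted file carries such a declaration in one of its MIME parts; the names `scan_mht`, `normalise` and `EXTERNAL_ENTITY` and the sample data are constructed for this example.

```python
import base64
import email
import re
from email import policy

# External entity declarations only. An HTML DOCTYPE with a PUBLIC identifier is
# normal in saved pages, so DOCTYPE lines are deliberately not matched.
EXTERNAL_ENTITY = re.compile(
    rb"<!ENTITY\s+(?:%\s+)?[\w.:-]+\s+(?:SYSTEM|PUBLIC)\s*[\"']", re.IGNORECASE)

def normalise(body: bytes) -> bytes:
    """Re-encode BOM-marked UTF-16 bodies as UTF-8 so the byte regex applies."""
    if body[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return body.decode("utf-16", errors="replace").encode("utf-8")
    return body

def scan_mht(raw: bytes) -> list:
    """Return (Content-Location, Content-Type, declaration) for each flagged part."""
    findings = []
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue
        # decode=True undoes base64 / quoted-printable transfer encoding,
        # which a plain text search over the .mht file cannot see through.
        body = normalise(part.get_payload(decode=True) or b"")
        for m in EXTERNAL_ENTITY.finditer(body):
            findings.append((str(part.get("Content-Location", "?")),
                             part.get_content_type(),
                             m.group(0).decode("ascii", "replace")))
    return findings

# Constructed sample, not taken from the published proof of concept.
_XML = b'<?xml version="1.0"?>\n<!DOCTYPE r [<!ENTITY ext SYSTEM "http://example.invalid/x">]>\n<r/>'
SAMPLE = (
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/related; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/html\r\n"
    b"Content-Location: http://example.invalid/page.html\r\n\r\n"
    b'<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "x"><html></html>\r\n'
    b"--b1\r\nContent-Type: text/xml\r\nContent-Transfer-Encoding: base64\r\n"
    b"Content-Location: http://example.invalid/data.xml\r\n\r\n"
    + base64.b64encode(_XML) + b"\r\n--b1--\r\n"
)

if __name__ == "__main__":
    for location, ctype, decl in scan_mht(SAMPLE):
        print(f"{location} [{ctype}]: {decl}")
```

A hit is a reason to quarantine the file for analysis rather than proof of malice, since legitimate XML can also declare external entities.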

Researchers in charge of discovering this vulnerability published their findings, including a proof of concept of exploitation, in recent days, and say that Microsoft is aware of this security problem. In this regard, Microsoft stated: “A correction for this vulnerability could be launched in the future; at the moment no updates will be developed for this incident. The case is closed”, concluded the company.

Although the company has decided not to fix this zero-day vulnerability for the moment, the cyber forensics course specialists emphasize that the exploit published by the researchers has proved functional in Internet Explorer 11 on Windows 10 and Windows 7 systems.
