Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Internet Explorer zero-day lets hackers steal files from Windows PCs

4 Weeks Ago   #1
Brink

64-bit Windows 10 Pro
 
 
Internet Explorer zero-day lets hackers steal files from Windows PCs

Quote:
A security researcher has published today details and proof-of-concept code for an Internet Explorer zero-day that can allow hackers to steal files from Windows systems.The vulnerability resides in the way Internet Explorer processes MHT files. MHT stands for MHTML Web Archive and is the default standard in which all IE browsers save web pages when a user hits the CTRL+S (Save web page) command.

Modern browsers don't save web pages in MHT format anymore, and use the standard HTML file format; however, many modern browsers still support processing the format.

AN XXE IN IE 11

Today, security researcher John Page published details about an XXE (XML eXternal Entity) vulnerability in IE that can be exploited when a user opens an MHT file.

"This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed

Program version information," Page said. "Example, a request for 'c:\Python27\NEWS.txt' can return version information for that program."



Read more: Internet Explorer zero-day lets hackers steal files from Windows PCs | ZDNet

See also: MSIE XXE 0day


My System SpecsSystem Spec
.
Reply

 Internet Explorer zero-day lets hackers steal files from Windows PCs




Thread Tools




Similar help and support threads
Thread Forum
Decade-old Windows kernel bug lets hackers bypass security protections
Read more: Decade-old Windows kernel bug lets hackers bypass security protections | ZDNet
News
Xenocode Online Browser Sandbox Lets Users Run Internet Explorer 8
SEATTLE--(BUSINESS WIRE)--Xenocode, a leader in application virtualization and delivery technology, today announced the immediate availability of the online Xenocode Browser Sandbox. The Browser Sandbox web site allows all popular Windows browsers to be run simultaneously,...
News


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 10:06.
Twitter Facebook