Internet Explorer bug affects even those who never use the browser2019-04-16 16:08 by Daniela
Tags: Internet Explorer
Security researcher John Page warns that Microsoft's Internet Explorer has a critical security flaw that allows hackers to spy on you and steal personal data from your PC. You may think that you're not concerned, because you don't use IE. However, the flaw that's been discovered can be exploited even if you never intentionally use Internet Explorer.
The exploit revolves around a file format that very few probably remember by now. They're called MHTs and they're the special format that Microsoft once used when saving web pages in Internet Explorer. These days, web pages are saved as proper and standard HTML files but browsers, like IE, still retain the ability to open them.
"Internet Explorer is vulnerable to XML External Entity attack if a user opens a specially crafted .MHT file locally," writes Page. "This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information."
In other words, if a victim receives the MHT file as an attachment and double clicks it, then the PC is compromised. Normally this would trigger a security warning in Internet Explorer, but Page explains that blocking that is equally trivial for a hacker that knows what they're doing.
Read more -here-