Internet Explorer browser flaw threatens all Windows users
Nearly four years after it was replaced by Edge as Microsoft’s preferred Windows browser, researchers keep finding unpleasant security flaws in Internet Explorer (IE).
The latest is a proof of concept (POC) published by researcher John Page (aka hyp3rlinx) that exploits a weakness in the way the browser handles MHTML (MHT) files, IE’s default web page archiving format.
If Windows 7, Windows 10 or Windows Server 2012 R2 encounters one of these, it attempts to open them using IE which means that an attacker simply has to persuade the user to do that. Success would…
Allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information.
IE should throw up a security warning, but this could be bypassed Page said:
Opening a specially crafted .MHT file using malicious markup tags the user will get no such active content or security bar warnings.