Internet Explorer browser flaw threatens all Windows users

Nearly four years after it was replaced by Edge as Microsoft’s preferred Windows browser, researchers keep finding unpleasant flaws in Internet Explorer (IE).

The latest is a proof of concept (POC) published by researcher John Page (aka hyp3rlinx) that a weakness in the way the browser handles MHTML (MHT) files, IE’s default web page archiving format.

If Windows 7, Windows 10 or Windows Server 2012 R2 encounters one of these, it attempts to open them using IE which means that an attacker simply has to persuade the user to do that. Success would…

Allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information.

IE should throw up a security warning, but this could be bypassed Page said:

Opening a specially crafted .MHT file using malicious markup tags the user will get no such active content or security bar warnings.

You might also like More from author

Comments are closed.