Zero-day vulnerability discovered in Internet Explorer could allow files to be stolen from PCs


A security researcher has found that a zero-day vulnerability exists in Internet Explorer (IE), a Microsoft web browser. The vulnerability could allow hackers to steal files from Windows PCs.

http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt

Internet Explorer zero-day lets hackers steal files from Windows PCs | ZDNet
https://www.zdnet.com/article/internet-explorer-zero-day-lets-hackers-steal-files-from-windows-pcs/

The zero-day vulnerability discovered by the security researcher is related to how IE handles MHT (MHTML) files. MHT is the standard IE uses when a user saves a web page with the shortcut 'Ctrl + S'. While recent web browsers are less likely to save web pages in MHT format, many modern web browsers still support processing MHT files.

Security researcher John Page has found that IE is vulnerable when processing such MHT files. The zero-day vulnerability he discovered is an 'XML External Entity (XXE) attack', which may allow a remote attacker to exfiltrate local files from the PC and to remotely conduct reconnaissance on the version information of locally installed programs.


In Windows, all MHT files are set by default to open automatically in IE, so a user who double-clicks an MHT file received by email, instant message or other means may be hit by the XML external entity attack. Page says that the exploit code depends on how IE handles shortcuts such as 'Ctrl + K' (duplicating tabs). In addition, he points out, 'The attack should work well just by calling window.print() (a method that opens the print dialog for printing the page), even if the user does not interact with the web page.'

In addition, the vulnerability Page discovered can also be used to disable IE's security alert system. 'Normally, users who have installed ActiveX, such as "Microsoft.XMLHTTP", receive security alerts in IE and are encouraged to block content. However, when an MHT file maliciously crafted using XML markup tags is opened, no security warning is displayed in IE,' explains Page.

Page's zero-day vulnerability has been verified to work on Windows 7, Windows 10 and Windows Server 2012 R2. In addition, Windows still opens MHT files in IE by default, so even users who have not set IE as their default browser risk having files on their PC stolen if they are attacked using this vulnerability.
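Because MHT files arriving by email or instant message open in IE by default, one defensive check is to inspect them for XML external entity declarations before they reach users. The following Python scanner is an added example, not code from Page's advisory or from this article; the indicator names and patterns, the function names and the embedded sample file are assumptions constructed for illustration.

```python
import email
import re
from email import policy

# Heuristic indicators (assumptions chosen for this example, not taken from the advisory).
INDICATORS = {
    "external_entity": re.compile(rb"<!ENTITY\s+%?\s*\w+\s+(SYSTEM|PUBLIC)\b", re.I),
    "doctype_decl": re.compile(rb"<!DOCTYPE\b[^>]*\[", re.I),
    "auto_print": re.compile(rb"window\s*\.\s*print\s*\(", re.I),
    "xmlhttp_activex": re.compile(rb"Microsoft\.XMLHTTP", re.I),
}

# Constructed, inert sample: an MHT container whose HTML part declares an external entity.
SAMPLE_MHT = b"""\
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
Content-Location: http://example.invalid/page.html

<html><body><?xml version=3D"1.0"?>
<!DOCTYPE r [ <!ENTITY % ext SYSTEM "http://example.invalid/x.dtd"> ]>
<script>window.print();</script></body></html>
--b1--
"""

def scan_mht(raw: bytes) -> dict:
    """Return {part label: sorted indicator names} for every MIME part that matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for i, part in enumerate(msg.walk()):
        if part.is_multipart():
            continue
        # decode=True undoes base64 / quoted-printable, so encoded parts are scanned too
        body = part.get_payload(decode=True) or b""
        hits = sorted(name for name, rx in INDICATORS.items() if rx.search(body))
        if hits:
            findings[str(part.get("Content-Location") or f"part-{i}")] = hits
    return findings

def is_suspicious(raw: bytes) -> bool:
    """Flag an MHT file when any part declares an external entity."""
    return any("external_entity" in hits for hits in scan_mht(raw).values())

if __name__ == "__main__":
    print(scan_mht(SAMPLE_MHT), is_suspicious(SAMPLE_MHT))
```

The patterns are heuristics: a match means the file deserves quarantine or manual review, and the absence of a match does not prove a file is safe.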


Page reportedly notified Microsoft of the vulnerability discovered on March 27, 2019. However, the reply that came back was, 'A fix for this issue will be considered in a future version of the product or service. Microsoft does not have plans to provide ongoing updates of the status of the fix for this issue.' together with the message 'This problem is solved', and it has become clear that immediate corrective action cannot be expected.

Therefore, Page disclosed the IE zero-day vulnerability on his blog, and even published a proof-of-concept demonstration on YouTube.

Internet Explorer / XML External entity Injection 0day-YouTube


ZDNet, a foreign media outlet, said, 'Microsoft's response was light, but don't neglect this vulnerability. Cybercriminal groups have used MHT files for spear phishing and malware distribution in the past, and MHT files are becoming one of the more common formats used to create exploit kits that attack users' computers.'

in Software,   Video,   Security, Posted by logu_ii