137th Day Of Lockdown

Maharashtra49026232728117092 Tamil Nadu2850242275754690 Andhra Pradesh2069601204641842 Karnataka164924842322998 Delhi1427231282324082 Uttar Pradesh113378668341981 West Bengal89666630601954 Bihar7179446294400 Gujarat68855517922604 Assam5549737225132 Rajasthan4941835186763 Odisha4255028698292 Haryana4005433444467 Madhya Pradesh3729827621962 Kerala3170019147103 Jammu and Kashmir2392716218449 Punjab2193014040539 Jharkhand165427503154 Chhatisgarh11408831987 Uttarakhand89015731112 Goa7947559570 Telangana751354330615 Tripura6014408437 Puducherry5123291475 Manipur3466192610 Himachal Pradesh3206200813 Nagaland26578247 Arunachal Pradesh204913263 Chandigarh137482023 Meghalaya10234236 Sikkim8544061 Mizoram5672890
Technology Other News 16 Apr 2019 Internet Explorer bu ...

Internet Explorer bug allows hackers to steal data even if browser is not in use

ANI
Published Apr 16, 2019, 3:21 pm IST
Updated Apr 16, 2019, 3:21 pm IST
MHT file locally, allowing hackers to remotely access the computer and exfiltrate local files.
Once a user opens the malicious file, it launches the browser.
 Once a user opens the malicious file, it launches the browser.

A security researcher has discovered a vulnerability in Microsoft’s Internet Explorer which allows hackers to potentially steal user data even if they don’t use the browser.

Security researcher John Page explained that the browser is vulnerable to XML External Entity attack if a user opens something malicious. MHT file locally, allowing hackers to remotely access the computer and exfiltrate local files.

 

The file format is used by Internet Explorer for its web archives and a user only needs to open the malicious attachment received either by email, messenger, or any other file transfer service, Mashable reports.

Once a user opens the malicious file, it launches the browser. Afterwards, even if the commands such as ‘Ctrl+K’ for tab duplication, ‘Print Preview’, or ‘Print’ are used on the webpage; it may trigger the XXE vulnerability.

Typically, Internet Explorer alerts users with a security bar if one tries to access objects like ‘Microsoft.XMLHTTP’. However, with the specially crafted MHT file using the malicious XML markup tags, no such warnings are shown.

 

The vulnerability has been tested using Internet Explorer 11 and affects Windows 7, Windows 19, and Windows Server 2012 R2 users.

Click on Deccan Chronicle Technology and Science for the latest news and reviews. Follow us on Facebook, Twitter

...




ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT