Tip Us Hey you, we are hiring! Join us if you are an author, developer or designer!

Internet explorer exploit could let hackers steal user data

15 April 2019 4

A new vulnerability has been discovered by security researchers in Internet Explorer that could allow hackers to steal sensitive user data. The vulnerability has been revealed by John Page (aka hyp3rlinx) which could potentially allow attackers to access a user’s computer's local files and spy on the user remotely.

The researcher states that the most troubling part of this discovery is that users don’t need to run the browser in order to expose a user’s computer to this flaw. A simple wrong attachment or message could be enough to expose the user’s data.

John Page states, "Internet Explorer is vulnerable to XML External Entity attack if a user opens a specially crafted.MHT file locally."

MHT (aka MHTML Web Archive) files which open in Internet Explorer by standard, is enough to start the process even if IE isn't your default browser. The report reveals that Microsoft was notified of the vulnerability on 27 March, however, the company has declined to release an urgent fix for the problem.

Microsoft has stated, "We determined that a fix for this issue will be considered in a future version of this product or service. At this time, we will not be providing ongoing updates of the status of the fix for this issue, and we have closed this case."

Till the fix is released by Microsoft millions of users will be left vulnerable to the exploit. The data shows a steady decline in Internet Explorer use, still, a number of Windows users who are using the platform are vulnerable to hackers.


4

comments

Internet explorer exploit could let hackers steal user data
Write a comment...
New products

Intel shares more details on 10th-gen laptop CPUs and makes them ready for PC makers

Rumors

Poco F2 exists! This alleged screen protector and a tip claim so

New products

MediaTek launches Helio G90 gaming-centric SoC for budget phones

Google

Google confirms Pixel 4 facial recognition and Motion Sense gestures