Security researcher John Page explained that the browser is vulnerable to XML External Entity attack if a user opens something malicious. MHT file locally, allowing hackers to remotely access the computer and exfiltrate local files.
The file format is used by Internet Explorer for its web archives and a user only needs to open the malicious attachment received either by email, messenger, or any other file transfer service, Mashable reports.
Once a user opens the malicious file, it launches the browser. Afterwards, even if the commands such as ‘Ctrl+K’ for tab duplication, ‘Print Preview’, or ‘Print’ are used on the webpage, it may trigger the XXE vulnerability.
Typically, Internet Explorer alerts users with a security bar if one tries to access objects like ‘Microsoft.XMLHTTP’. However, with the specially crafted. MHT file using the malicious XML markup tags, no such warnings are shown.
(This story has not been edited by Business Standard staff and is auto-generated from a syndicated feed.)