A has discovered a in Microsoft’s which allows hackers to potentially steal user data even if they don’t use the browser.

explained that the browser is vulnerable to External Entity attack if a user opens something malicious. MHT file locally, allowing hackers to remotely access the computer and exfiltrate local files.

The file format is used by for its and a user only needs to open the malicious attachment received either by email, messenger, or any other file transfer service, Mashable reports.

Once a user opens the malicious file, it launches the browser. Afterwards, even if the commands such as ‘Ctrl+K’ for tab duplication, ‘Print Preview’, or ‘Print’ are used on the webpage, it may trigger the XXE

Typically, alerts users with a security bar if one tries to access objects like ‘XMLHTTP’. However, with the specially crafted. MHT file using the malicious markup tags, no such warnings are shown.

The has been tested using Internet Explorer 11 and affects Windows 7, Windows 19, and 2012 R2 users.

(This story has not been edited by Business Standard staff and is auto-generated from a syndicated feed.)

Source link