Internet Explorer Security Flaw Lets Hackers Steal Files From Windows PCs

18 April, 2019, 08:41 | Author: Sammy Rose

Even though Internet Explorer makes for less than 10% of the entire browser market, the fact that this exploit just requires the victim to have IE on their PC makes it worrisome.

According to researcher John Page, an unpatched exploit in the Internet Explorer browser's handling of MHT files (IE's Web archive format) can be used by hackers to both spy on Windows users and steal their local data. "MHT file locally", writes Page.

It is insignificant to exploit this vulnerability as the MHT files on Windows is by default set to be opened in Internet Explorer whenever a user double-click on the link that he might receive through email, message or any other source. Rather a JavaScript function window.print () is enough instead of the interaction of the user with the webpage.

Additionally, the exploit works around Internet Explorer's typical security alert system.

A security researcher has revealed details of an unpatched exploit in the way IE handles MHT files, and the problem affects Windows 7, Windows 10 and Windows Server 2012 R2. As long as the browser is there on your computer, hackers can get to you.

Last December, Microsoft was urging Internet Explorer users to update to the latest version of Internet Explorer after it discovered a serious flaw.

Alex Rodriguez rehearsed his proposal to Jennifer Lopez with his assistant
From the sight of their sweet engagement photos, it's evident the couple's romantic getaway in the Bahamas was simply magical.


Kia 's HabaNiro 'everything car' is the wackiest EV crossover
Other unique features include contrasting red aero panels and butterfly wing doors which open to reveal a four-seat interior. An eye tracking and emotion reader, shown at CES, follow the driver and judge their emotional state.


Lexus aims at luxury minivan market with LM 350
Flanking the massive grille are sharp triple beam LED headlamps with the brand's signature "tick' daytime running lights". If super-luxurious rear seats aren't your thing, the LM will also be available as a conventional seven-seat minivan.


It allowed them to easily takeover your PC by executing some malicious code.

The news came at a time when Microsoft, coming to terms with the Outlook.com data breach case, reached out to some users, informing them of the hack which exposed data sent over emails to hackers who kept accessing their accounts between January 1 to March 28.

Microsoft didn't say how many users have been affected by the vulnerability, known as CVE-2018-865.

Finally stopped using Internet Explorer?

'The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Thus this vulnerability should not be taken lightly.

Even though only a meager (7.34 percent) users use Internet Explorer today, it's still present in many systems.

Recommended:

  • Best Buy Names Barry CEO

    Best Buy Names Barry CEO

    Barry also emphasized a continuity of Best Buy's business strategy with no major shifts or leadership changes planned. The CEO credited with reviving a Best Buy is now stepping aside.
    Smash Bros. Ultimate 3.0 Update Detailed

    Smash Bros. Ultimate 3.0 Update Detailed

    Ultimate as Challenger #1 from the Fighters' Pass DLC, four months after his show-stopping reveal at The Game Awards 2018. Though the Smash Stage Builder technically leaked last week , Nintendo confirmed all remaining details in a lengthy video.
    Google Testing a Play Store Budgeting Feature to Help Check App Spending

    Google Testing a Play Store Budgeting Feature to Help Check App Spending

    Android users are being warned about a scary strain of malware discovered on Google Play Store apps. VentureBeat reports that this feature is now being tested and is rolling out in stages.
  • Cardiff City sink relegation rivals Brighton to boost survival bid

    Cardiff City sink relegation rivals Brighton to boost survival bid

    However, the brief moment of optimism was soon quelled as the visitors doubled their advantage five minutes after the restart. We pushed but unless we're managing to get goals we're generally on the back foot.
    Jaguar's electric I-Pace takes the World Car of the Year award

    Jaguar's electric I-Pace takes the World Car of the Year award

    Despite its flaws the Suzuki Jimny is sold out in Australia for 12 months and some dealers have stopped taking orders. Finally, the World Urban Car award went to the Suzuki Jimny , which held off the Hyundai Atos/Santro and Kia Soul.
    Al-Aqsa Mosque fire: Burns same night as Notre Dame

    Al-Aqsa Mosque fire: Burns same night as Notre Dame

    The blaze was contained to Marwani Prayer Room, also known as Solomon's Stables, and did not spread, the Wafa news agency reports. As the iconic cathedral of Notre Dame burned in Paris, a fire broke out at the historic Al Aqsa mosque in Jerusalem .
  • Subaru Outback adds turbo and huge touchscreen to fan-favorite

    Subaru Outback adds turbo and huge touchscreen to fan-favorite

    On all 2020 Outback trims, EyeSight Driver Assist Technology is standard, including adaptive cruise control and lane-centering. Subaru says the 2020 Outback has a number of improved suspension components that ought to make it more enjoyable to drive.
    Microsoft's Disc-Less Xbox One Arrives May 7th for $249.99

    Microsoft's Disc-Less Xbox One Arrives May 7th for $249.99

    For now, we'll just have to wait and see how well consumers can adapt to digital-only games and movies, if they're willing at all. The company is launching a new subscription package on Xbox One that bundles Xbox Live Gold and Xbox Game Pass together.
    Carl’s Jr. to Debut CBD-Infused Burger on 4/20

    Carl’s Jr. to Debut CBD-Infused Burger on 4/20

    Starting small, in a market where cannabis regulation is "really strong", will allow Carl's Jr.to figure out how to move forward. MT through close for $4.20, while supplies last - or the Federal Bureau of Investigation raids the joint, whichever comes first.
  • The Match:Tiger vs Phil to be broadcast on Sky Sports Golf

    The Match:Tiger vs Phil to be broadcast on Sky Sports Golf

    Mickelson subsequently replied, joking: "I bet you think this is the easiest US$ 9 million you will ever make". To that end, Mickelson spent considerable time at Shadow Creek in recent weeks, including most of this week.
    'Swamp Thing' First Look On DC Universe Streaming Service

    'Swamp Thing' First Look On DC Universe Streaming Service

    That verbiage doesn't make it sound like she, or anyone else working on the show, will be coming back for a second season. Swamp Thing has been filming since November 2018, and is due to debut on DC Universe on May 31 .
    Israeli spacecraft Beresheet crashes on the Moon after engine and communication failures

    Israeli spacecraft Beresheet crashes on the Moon after engine and communication failures

    An image taken by Israel spacecraft, Beresheet, upon its landing on the moon , obtained by Reuters from Space IL on April 11, 2019.


Popular

Celtics rally past Pacers for 2-0 series lead
The Celtics struggled finding good looks at the bucket and when they did get one, they had a hard time knocking down the shots. He didn't score his first points until the fourth, finishing with four points, 10 rebounds and four assists for the game.

Today is your last chance to pre-order a Huawei P30 Pro
The base model comes with 6GB of RAM and 128GB storage and can be upgraded to variants with 8GB RAM and up to 512GB storage. When compared to the IPhone XS, Samsung Galaxy S10 and LG V40, the P30 Pro model won in nearly all categories.

Toyota Highlander gains new tech
The crossover SUV's profile is blockier and edgier like the RAV4 but with rounded design cues pulled from the Camry. Limited and Platinum trim levels can split torque front to back and side to side for better grip or fuel economy.

Facebook spends US$22.6 million keeping Zuckerberg safe - Cloud - Networking - Security
However, nobody from Facebook has thus far provided any additional evidence to support the the claim of "cherry-picking". And all the while, Facebook was making loud noises about its attempts to protect and secure user privacy.

Disney Donates $5 Million to Help Rebuild Notre Dame Cathedral
Notre Dame will be closed for at least five years while the building is restored following the devastating fire . An initial fire alert was sounded at 6:20 p.m., as a Mass was underway in the cathedral, but no fire was found.

Kim Jong Un makes surprise visit to North Korea air force unit
The U.S. team is working with the North Koreans , Pompeo said, "to chart a path forward so that we can get there". He rejected partial denuclearization steps offered by Kim, which included an offer to dismantle Yongbyon.

Lori Loughlin felt she had ‘no choice’ but to plead not guilty
Instead, Loughlin and Giannulli "decided to roll the dice" and rejected a plea deal. "Now they're in worse shape than before". In a statement, she expressed "deep regret and shame over what I have done". "This really is a family matter".

New Update Allows Nintendo Switch To Transfer Save Files
It's important to take note that saved data will not stay on your system following completion of the transfer process. These updates were designed for those who started playing on someone else's console before getting their own Switch.

England announce squad for Pakistan series, Archer gets maiden call-up
David Willey said in March he did not know "whether someone should just walk in at the drop of a hat because they're available". Archer, 24, whose father is English, has a United Kingdom passport.

Hyundai unveils compact SUV Venue; launch next month
The India reveal of the new Hyundai Venue coincides with the global debut at the 2019 New York International Auto Show. At the rear, the styling is clean with the shoulder line running across the boot lid as well for a sculpted look.