Internet Explorer exploit REVEALED

Joanna Estrada
April 16, 2019

The web browser was at one point so popular it peaked with a 95 percent usage share in 2003.

'This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information'.

The hack relies on Internet Explorer's ability to save its web pages in the .MHT file format, something modern browsers don't allow, thus making IE the default application to open such files.

A new zero-day exploit has been discovered in Internet Explorer (IE), Microsoft's archaic and out-of-date web browser for Windows.

While Internet Explorer has a security system which should alert a user if anything suspicious happens, a malicious MHT file can be created to disable this warning.

"As Windows opens MHT files using IE by default, you don't even have to run the browser for this to be a problem - all you have to do is open an attachment sent through chat or email".

According to Page, the vulnerability relates specifically to the way Internet Explorer deals with CTRL+K, Print Preview, and Print commands, and it can be easily exploited with a JavaScript function call.
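A mail-gateway style check for the attachment delivery path described above, as an added example (not code from the article or from the researcher): it lists MHT attachments in a raw message, recognised by extension or by MIME structure, and reports whether their HTML carries script that calls print(). Treating print() as the signal is an assumption drawn from the article's mention of Print commands; the function names and sample messages are constructed.

```python
import email
import re
from email import policy
from email.message import EmailMessage

MHT_EXT = (".mht", ".mhtml")
SCRIPT = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
PRINT_CALL = re.compile(r"\bprint\s*\(")  # assumed signal, see lead-in

def inspect_mht(inner):
    """Return (has_script, calls_print) for a parsed MHT archive."""
    scripts = []
    for p in inner.walk():
        if p.get_content_type() == "text/html":
            scripts += SCRIPT.findall(p.get_content())  # decodes QP/base64 parts
    return bool(scripts), any(PRINT_CALL.search(s) for s in scripts)

def scan_message(raw):
    """List MHT attachments in a raw RFC 5322 message, with script findings."""
    findings = []
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if part.get_content_type() == "message/rfc822":
            inner = part.get_payload(0)  # nested message, already parsed
        else:
            data = part.get_payload(decode=True) or b""
            inner = email.message_from_bytes(data, policy=policy.default)
        # A renamed archive still parses as multipart/related.
        is_mht = (name.lower().endswith(MHT_EXT)
                  or inner.get_content_type() == "multipart/related")
        if is_mht:
            has_script, calls_print = inspect_mht(inner)
            findings.append({"name": name, "script": has_script, "print": calls_print})
    return findings

def build_sample(html, filename):
    """Constructed test message carrying `html` inside an MHT attachment."""
    mht = ("MIME-Version: 1.0\r\n"
           'Content-Type: multipart/related; boundary="b"\r\n\r\n'
           "--b\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
           + html + "\r\n--b--\r\n")
    msg = EmailMessage()
    msg.set_content("see attachment")
    msg.add_attachment(mht.encode(), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

A gateway would typically quarantine or strip anything `scan_message` returns, since recipients on the affected Windows versions open such files in IE by default.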

The move came after a Google security engineer uncovered a memory-corruption vulnerability in the browser that was actively being exploited by hackers.

'A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer,' the firm explained.

This means that while only a fraction of users are still on Internet Explorer, the threat is actually much larger, given the way the security flaw operates.

The exploit has been tested using the last version of Internet Explorer, IE 11.

The vulnerability affects Microsoft Windows 7, Windows 10 and Windows Server 2012 R2.

However, Page believes the most troubling aspect is Microsoft's apparent lack of urgency in fixing the issue, telling the researcher it would only "consider" a fix in a future update. He contacted Microsoft in March before going public with the issue.

Microsoft officially discontinued its former flagship web browser in 2015.
