Internet Explorer zero-day lets hackers steal files from Windows PCs

[silversurfer]

Microsoft refused to patch issue so security researcher released exploit code online.

A security researcher has published today details and proof-of-concept code for an Internet Explorer zero-day that can allow hackers to steal files from Windows systems.

The vulnerability resides in the way Internet Explorer processes MHT files. MHT stands for MHTML Web Archive and is the default standard in which all IE browsers save web pages when a user hits the CTRL+S (Save web page) command.
 
Modern browsers don't save web pages in MHT format anymore, and use the standard HTML file format; however, many modern browsers still support processing the format.

Today, security researcher John Page published details about an XEE (XML External Entity) vulnerability in IE that can be exploited when a user opens an MHT file.

SOURCE: https://www.zdnet.com/article/internet-e...ndows-pcs/