Home > News content

Microsoft is not in a hurry to fix the zero-day vulnerability of IE11. It involves the old MHT file format (video).

via:cnBeta.COM     time:2019/4/15 16:31:30     readed:213


Microsoft is not eager to patch this zero-day vulnerability (screenshot via:SlashGear)

Although the current web page will be saved in HTML format, IE11 retains the ability to open MHT format files. However, security researcher John Page points out:

The problem is that MHT files have two special properties -- first, MHT can be opened automatically in Internet Explorer; second, a specially crafted MHT file that gives remote agents (hackers) access to local files.

It can even close any related ActiveX objects (this is another 'prehistoric technology'), as well as warnings that require users to participate in the interaction.

Internet Explorer - XML ​​External entity Injection 0day(Via)

It is reported that the loopholeWindows7. Internet Explorer 11 browser in Windows 10 and Windows Server 2012 R2 operating system.

In fact, as early as the end of last month, Microsoft already knew the vulnerability. Unfortunately, perhaps considering that IE users are few, the software giant says it is not in a hurry to fix the vulnerability.


Microsoft China Official Store - Windows

China IT News APP

Download China IT News APP

Please rate this news

The average score will be displayed after you score.

Post comment

Do not see clearly? Click for a new code.

User comments