A security researcher has published today details and proof-of-concept code for an Internet Explorer zero-day that can allow hackers to steal files from Windows systems.The vulnerability resides in the way Internet Explorer processes MHT files. MHT stands for MHTML Web Archive and is the default standard in which all IE browsers save web pages when a user hits the CTRL+S (Save web page) command.
Modern browsers don't save web pages in MHT format anymore, and use the standard HTML file format; however, many modern browsers still support processing the format.
AN XXE IN IE 11
Today, security researcher John Page published details about an
(XML eXternal Entity) vulnerability in IE that can be exploited when a user opens an MHT file.
"This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed
Program version information," Page said. "Example, a request for 'c:\Python27\NEWS.txt' can return version information for that program."