The Internet Explorer error allows hackers to steal data even if the browser is not used


California: A security researcher has discovered a vulnerability in Microsoft
Internet
Explorer which allows hackers to eventually steal user data even if they do not use the browser.

Security researcher John Page has explained that the browser is vulnerable to attacking the external XML entity if a user opens something malicious. MHT locally, allowing hackers to remotely access the computer and remove local files.

The file format is used by
Internet
Explorer for its web files and a user only needs to open the malicious attachment received either by email, messenger or any other file transfer service, Mashable reports.

Once a user opens the malicious file, the browser starts. Then, even if the web pages use commands like "Ctrl + K & # 39; to overwrite the tabs, Print Preview & # 39; or "Print", the vulnerability XXE may be triggered.

Typically,
Internet
Explorer alerts users with a security bar if they try to access objects such as "Microsoft.XMLHTTP". However, with the specially crafted. MHT using malicious XML markup tags, no such warnings appear.

Vulnerability has been tested using
Internet
Explorer 11 and affects Windows 7, Windows 19, and Windows Server 2012 R2 users.