Thursday, January 23, 2025
HomeWindowsUnpatched Internet Explorer Zero-day Vulnerability Lets Attackers Hack Windows PC & Steal...

Unpatched Internet Explorer Zero-day Vulnerability Lets Attackers Hack Windows PC & Steal Files

Published on

SIEM as a Service

Follow Us on Google News

Security researcher disclose the new Internet Explorer zero-day vulnerability along with Proof-of-concept allows hackers to steal files from Windows computer.

Internet Explorer is one of the widely used web browsers developed by Microsoft and included in the Microsoft Windows line of operating systems, starting in 1995.

An XML External Entity Injection vulnerability affected the current version of Microsoft Internet Explorer v11 let remote attackers compromise the windows to exfiltrate Local files and conduct remote reconnaissance on locally installed Program version data.

Based on the Browser Market Share report, Internet Explorer is a 2nd largest web browser that is used by millions of users around the world including within a corporate networks.

How Does This Internet Explorer Zero-day Works

Since the Internet Explorer vulnerable to XML External Entity Injection flaw, the targeted system can be exploited by an attacker if any user opens a specially crafted .MHT file locally.

Let’s assume a victims open the malicious .MHT” file locally via Internet Explorer, Afterwards, if the user performs an interaction like duplicate tab “Ctrl+K” and other interactions like right click “Print Preview” or “Print” commands on the web-page leads to triggering this vulnerability and exploit the system.

In order to perform this attack without user interaction, a simple call to the window.print() Javascript function should do the trick. Let’s have a look at the Proof-of-concept video demonstration.

IE Zero-day Proof-of-concept

“According to John Page (aka hyp3rlinx) who reported this Internet Explorer Zero-day flaw said, when instantiating ActiveX Objects like “Microsoft.XMLHTTP” users will get a security warning bar in IE and be prompted to activate blocked content. However, when opening a specially crafted .MHT file using malicious markup tags the user will get no such active content or security bar warnings”

How to Exploit this Vulnerability

POC to exfil Windows “system.ini” file and also Edit attacker server IP in the script to suit your needs.

1) Use This script to create the “datatears.xml” XML and XXE embedded “msie-xxe-0day.mht” MHT file.

2) python -m SimpleHTTPServer

3) Place the generated “datatears.xml” in Python server web-root.

4) Open the generated “msie-xxe-0day.mht” file, watch your files be exfiltrated.

Researcher was reported this vulnerability on March 27, 2019, and he got the acknowledgment the same day from Microsoft.

But Microsoft said, We determined that a fix for this issue will be considered in a future version of this product or service. At this time, we will not be providing ongoing updates of the status of the fix for this issue”

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated

Also Read:

APT Hackers Group Exploiting the Window OS Using New Zero day Vulnerability

Microsoft Released Security updates & Fixed 74 Vulnerabilities Including 2 Latest Zero-day

Hackers Exploit Cisco Zero Day Vulnerability in Wild Resulting in DoS Condition

Hackers Started Exploiting the Unpatched Windows Task Scheduler Zero Day Flaw using Malware


Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

Nnice Ransomware Attacking Windows Systems With Advanced Encryption Techniques

CYFIRMA's Research and Advisory team has identified a new strain of ransomware labeled "Nnice,"...

Microsoft Unveils New Identity Secure Score Recommendations in General Availability

Microsoft has announced the general availability of 11 new Identity Secure Score recommendations in...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Hackers Deliver Ransomware on Windows Via Microsoft Teams Voice Calls

Sophos X-Ops’ Managed Detection and Response (MDR) team has uncovered two highly active threat...

Microsoft Rolls Out New Administrator Protection Feature Under Windows Security

Microsoft has announced the release of Windows 11 Insider Preview Build 27774 to the...

New Contacto Ransomware Evades AV Detection & Uses Windows Console for Execution

In early January 2025, a new ransomware strain identified as Contacto surfaced, showcasing advanced...