“Unfortunately, there are some problems that allow user's keyboard input in unrelated locations to be selectively, transparently redirected to these input fields, and hence affect file selection to an attacker's liking,” he wrote. “Even though some browsers try to prevent file field hiding, it can be easily stowed off screen at negative window coordinates.”
Microsoft acknowledged the vulnerability on Thursday, explaining that it is investigating the matter.
“Microsoft’s initial investigation reveals that an attacker could gain access to user files if the location of a given file is already known. In order to be successful, an attacker in advance would have to convince the user to enter the location of a file into an attacker's webpage through social engineering,” a company spokesperson said.
“Upon completion of this investigation, Microsoft will take appropriate action to help protect our customers.”




