Vulnerability in Internet Explorer remains unpatched

By

Flaw still exists one year after being reported.

Internet Explorer users are putting themselves and their PCs at risk to hacking with a simple ‘.txt' file.

ProCheckUp revealed that it is possible to give a hacker open access to a user's session by installing malware through a vulnerability in IE7 and IE8 that opens text files.

It claimed that JavaScript code can be added to the plain text file and remain undetected by Internet Explorer, and that this JavaScript code will allow the hacker to gain access.

Richard Brain, co-founder of ProCheckUp, said: “People have become accustomed and hence suspicious of the various file formats (Flash/Acrobat) used to carry out attacks, it still comes as a surprise that even the most benign file format (.txt) can also be used to attack computers.”

It claimed that the flaw has already been reported to Microsoft by GTalbot last year, but ProCheckUp discovered that this vulnerability is still active.

See original article on scmagazineuk.com

Vulnerability in Internet Explorer remains unpatched
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?