Vulnerability in Internet Explorer remains unpatched

By

Flaw still exists one year after being reported.

Internet Explorer users are putting themselves and their PCs at risk to hacking with a simple ‘.txt' file.

ProCheckUp revealed that it is possible to give a hacker open access to a user's session by installing malware through a vulnerability in IE7 and IE8 that opens text files.

It claimed that JavaScript code can be added to the plain text file and remain undetected by Internet Explorer, and that this JavaScript code will allow the hacker to gain access.

Richard Brain, co-founder of ProCheckUp, said: “People have become accustomed and hence suspicious of the various file formats (Flash/Acrobat) used to carry out attacks, it still comes as a surprise that even the most benign file format (.txt) can also be used to attack computers.”

It claimed that the flaw has already been reported to Microsoft by GTalbot last year, but ProCheckUp discovered that this vulnerability is still active.

See original article on scmagazineuk.com

Vulnerability in Internet Explorer remains unpatched
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift

Log In

  |  Forgot your password?