Internet Explorer users are putting themselves and their PCs at risk to hacking with a simple ‘.txt' file.
ProCheckUp revealed that it is possible to give a hacker open access to a user's session by installing malware through a vulnerability in IE7 and IE8 that opens text files.
It claimed that JavaScript code can be added to the plain text file and remain undetected by Internet Explorer, and that this JavaScript code will allow the hacker to gain access.
Richard Brain, co-founder of ProCheckUp, said: “People have become accustomed and hence suspicious of the various file formats (Flash/Acrobat) used to carry out attacks, it still comes as a surprise that even the most benign file format (.txt) can also be used to attack computers.”
It claimed that the flaw has already been reported to Microsoft by GTalbot last year, but ProCheckUp discovered that this vulnerability is still active.
See original article on scmagazineuk.com
Vulnerability in Internet Explorer remains unpatched
By
SC Australia Staff
on Oct 13, 2009 10:47AM
Flaw still exists one year after being reported.
Got a news tip for our journalists? Share it with us anonymously here.
