Internet Explorer: Small Flaws Lead To A Big Problem

Internet Explorer is one of the world's most famous browsers, but that doesn't mean it is flawless. Security experts have recently drawn attention to how an attacker can use it to spy on users. Jorge Luis Alvarez Medina, an expert security consultant at Boston-based CORE Security Technologies, discovered an attack that can let the attacker read any file on the user's computer via Internet Explorer.

At the Black Hat DC conference, Medina explained that files stored on a user's computer are usually treated differently from those intended to be accessible through the Internet. Medina demonstrated code that allowed him to upload files from a user's computer, a clear indication that his attack erased the line between the two types of files, allowing an intruder to access personal files over the Internet.

The attack only requires an Internet Explorer user to click through to a malicious web page. Once the user is there, the attacker uses a variety of features and loopholes in Internet Explorer to gather information about the user's computer. The attacker then slips some harmful code into the browser with the help of cookies, and tries to open that code from the browser as if it had originated on the user's computer. If the browser allows this to happen, the attacker has full access to the user's local machine.

Medina said that Microsoft has acted by releasing patches that prevent the browser from actually running the malicious code; however, this won't stop the attacker from learning about the user's computer, which could potentially lead to other attacks. He believes that the attack could be stopped by effectively closing down all of the flaws in the browser.

Microsoft told Medina that it can't patch some of the flaws he exposed. The reason might be that the malicious code relies on some of the main features of the browser; furthermore, Microsoft is worried that any fix may open up other security holes.

Medina said that his attack works against all versions of Internet Explorer, with the exception of customers who are using IE 7 or IE 8 in their default settings on Windows Vista or Windows 7, as they are protected by Internet Explorer's Protected Mode.

According to security researcher Dino Dai Zovi, most Internet Explorer users may not realize that they're surfing the Internet without Protected Mode in place. He thinks that users often disable Vista's User Account Control because they get annoyed by the built-in security prompts. What they don't realize is that by doing this they also disable Protected Mode for Internet Explorer.

Medina admits that his attack doesn't currently work in Protected Mode, but says that this mode, once again, only protects against a single aspect of the threat. He added that he is currently working to see if he can bypass Protected Mode: “If not me, someone else will do it.”
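
Dai Zovi's point, that turning off User Account Control also turns off Protected Mode, can be checked on a workstation. The PowerShell below is an added example, not part of the original article or of Medina's research; the registry locations it reads (the `EnableLUA` value and URL action `2500` under the Internet Settings zone keys) are standard Windows settings that the article does not name, and the first-match order of the hives is a simplifying assumption.

```powershell
# Added example: report whether UAC is on and how Protected Mode
# (URL action 2500) is configured for each IE security zone.
$uacKey     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$zoneSubKey = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# Checked in this order; the first hive that defines the value is reported
# (simplified precedence, an assumption of this example).
$hives = @(
    "HKLM:\SOFTWARE\Policies\$zoneSubKey",
    "HKCU:\Software\Policies\$zoneSubKey",
    "HKCU:\Software\$zoneSubKey"
)
$zones = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# EnableLUA = 1 means User Account Control is switched on.
$uacOn = ((Get-RegValue $uacKey 'EnableLUA') -eq 1)

$report = foreach ($id in ($zones.Keys | Sort-Object)) {
    $raw = $null
    $source = 'not set'
    foreach ($hive in $hives) {
        $v = Get-RegValue "$hive\$id" '2500'
        if ($null -ne $v) { $raw = $v; $source = $hive; break }
    }

    # 2500: 0 = Protected Mode enabled, 3 = disabled; absent = browser default.
    if     ($null -eq $raw) { $configured = 'Browser default' }
    elseif ($raw -eq 0)     { $configured = 'Enabled' }
    elseif ($raw -eq 3)     { $configured = 'Disabled' }
    else                    { $configured = "Unexpected value $raw" }

    # Protected Mode depends on UAC, so a zone setting cannot turn it on alone.
    $effective = if ($uacOn) { $configured } else { 'Off (UAC is disabled)' }

    New-Object PSObject -Property @{
        Zone = $zones[$id]; Configured = $configured
        Effective = $effective; Source = $source
    }
}

"UAC enabled: $uacOn"
$report | Select-Object Zone, Configured, Effective, Source | Format-Table -AutoSize
```

Run it as the user whose browser settings are being audited, because two of the three hives are per-user.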


© 2022 Tech Readers.