Hnub Friday, Lub Plaub Hlis 12, tus kws paub txog kev ruaj ntseg cov ntaub ntawv John Page tau tshaj tawm cov ntaub ntawv hais txog qhov tsis raug kho qhov tsis zoo hauv Internet Explorer tam sim no, thiab kuj tau qhia nws qhov kev siv. Qhov tsis zoo no tuaj yeem tso cai rau tus neeg tawm tsam kom tau txais cov ntsiab lus ntawm cov ntaub ntawv hauv zos ntawm Windows cov neeg siv, hla kev ruaj ntseg browser.
Qhov tsis txaus ntseeg nyob hauv txoj kev Internet Explorer ua haujlwm MHTML cov ntaub ntawv, feem ntau yog cov uas muaj .mht lossis .mhtml txuas ntxiv. Hom ntawv no yog siv los ntawm Internet Explorer los ntawm lub neej ntawd rau txuag cov nplooj ntawv web, thiab tso cai rau koj khaws tag nrho cov ntsiab lus ntawm nplooj ntawv nrog rau tag nrho cov ntsiab lus hauv xov xwm ua ib cov ntaub ntawv. Tam sim no, cov browsers niaj hnub no feem ntau tsis khaws cov nplooj ntawv web hauv MHT hom ntawv thiab siv tus qauv WEB hom - HTML, tab sis lawv tseem txhawb nqa cov txheej txheem ua cov ntaub ntawv hauv hom no, thiab tseem tuaj yeem siv rau txuag nrog cov chaw tsim nyog lossis siv txuas ntxiv.
Qhov tsis zoo uas pom los ntawm John yog nyob rau hauv chav kawm XXE (XML eXternal Entity) ntawm qhov tsis zoo thiab muaj kev teeb tsa tsis raug ntawm XML code handler hauv Internet Explorer. "Qhov kev pheej hmoo no tso cai rau tus neeg tawm tsam nyob deb nroog kom nkag mus rau tus neeg siv cov ntaub ntawv hauv zos thiab, piv txwv li, rho tawm cov ntaub ntawv hais txog cov software nruab rau hauv lub system," hais Page. "Yog li cov lus nug rau 'c: Python27NEWS.txt' yuav rov qab cov version ntawm qhov program ntawd (tus neeg txhais lus Python hauv qhov no).
Txij li thaum nyob rau hauv Windows tag nrho cov ntaub ntawv MHT qhib hauv Internet Explorer los ntawm lub neej ntawd, siv qhov tsis zoo no yog ib txoj haujlwm tsis tseem ceeb vim tus neeg siv tsuas yog xav tau ob npaug nyem rau ntawm cov ntaub ntawv txaus ntshai tau txais los ntawm email, social networks lossis instant messengers.
"Feem ntau, thaum tsim ib qho piv txwv ntawm ib qho khoom siv ActiveX, xws li Microsoft.XMLHTTP, tus neeg siv yuav tau txais kev ceeb toom kev nyab xeeb hauv Internet Explorer uas yuav nug kom pom zoo kom qhib cov ntsiab lus thaiv," piav qhia tus kws tshawb fawb. "Txawm li cas los xij, thaum qhib cov ntaub ntawv npaj ua ntej .mht siv cov cim cim tshwj xeeb styled tus neeg siv yuav tsis tau txais lus ceeb toom txog cov ntsiab lus uas muaj teeb meem. "
Raws li Nplooj ntawv, nws tau ua tiav qhov kev sim tsis zoo hauv qhov tam sim no ntawm Internet Explorer 11 browser nrog txhua qhov kev ruaj ntseg tshiab tshiab ntawm Windows 7, Windows 10 thiab Windows Server 2012 R2.
Tej zaum tsuas yog cov xov xwm zoo hauv kev tshaj tawm rau pej xeem ntawm qhov tsis zoo no yog qhov tseeb tias Internet Explorer ib zaug tseem ceeb ntawm kev lag luam tam sim no tau nqis mus rau 7,34%, raws li NetMarketShare. Tab sis txij li Windows siv Internet Explorer ua lub neej ntawd daim ntawv thov qhib MHT cov ntaub ntawv, cov neeg siv tsis tas yuav tsum teeb IE raws li lawv qhov browser default, thiab lawv tseem muaj kev cuam tshuam ntev npaum li IE tseem nyob hauv lawv lub tshuab thiab lawv tsis them. mloog mus rau lub download hom ntawv cov ntaub ntawv nyob rau hauv Internet.
Rov qab rau Lub Peb Hlis 27, John tau ceeb toom rau Microsoft txog qhov tsis zoo no hauv lawv qhov browser, tab sis thaum Lub Plaub Hlis 10, tus kws tshawb fawb tau txais cov lus teb los ntawm lub tuam txhab, qhov uas nws tau qhia tias nws tsis xav txog qhov teeb meem no yog qhov tseem ceeb.
"Qhov kev kho yuav tsuas yog tso tawm nrog cov khoom tom ntej," Microsoft hais hauv tsab ntawv. "Tam sim no peb tsis muaj txoj kev npaj los daws qhov teeb meem no."
Tom qab cov lus teb meej los ntawm Microsoft, tus kws tshawb fawb tau luam tawm cov ntsiab lus ntawm xoom-hnub qhov tsis zoo ntawm nws lub vev xaib, nrog rau demo code thiab video hauv YouTube.
Txawm hais tias qhov kev siv ntawm qhov tsis zoo no tsis yog qhov yooj yim thiab yuav tsum muaj qee yam yuam cov neeg siv los khiav cov ntaub ntawv MHT tsis paub, qhov tsis zoo no yuav tsum tsis txhob maj maj txawm tias tsis muaj lus teb los ntawm Microsoft. Hacker pab pawg tau siv MHT cov ntaub ntawv rau phishing thiab malware faib yav dhau los, thiab tsis muaj dab tsi yuav txwv tsis pub lawv ua tam sim no.
Txawm li cas los xij, txhawm rau zam qhov no thiab ntau qhov tsis zoo sib xws, koj tsuas yog yuav tsum tau them sai sai rau qhov txuas ntxiv ntawm cov ntaub ntawv uas koj tau txais los ntawm Is Taws Nem thiab xyuas lawv nrog cov tshuaj tiv thaiv kab mob lossis hauv VirusTotal lub vev xaib. Thiab txhawm rau ntxiv kev ruaj ntseg, tsuas yog teeb tsa koj nyiam browser uas tsis yog Internet Explorer ua lub neej ntawd daim ntawv thov rau .mht lossis .mhtml cov ntaub ntawv. Piv txwv li, hauv Windows 10 qhov no ua tau yooj yim heev hauv "Xaiv cov qauv siv rau hom ntaub ntawv" ntawv qhia zaub mov.
Tau qhov twg los: 3d xov.ru