NgoLwesihlanu, Ephreli 12, uchwepheshe wezokuphepha kolwazi u-John Page ushicilele ulwazi mayelana nokuba sengozini okungalungiswanga enguqulweni yamanje ye-Internet Explorer, futhi wabonisa ukusetshenziswa kwayo. Lokhu kuba sengozini kungase kuvumele umhlaseli ukuthi athole okuqukethwe kwamafayela endawo abasebenzisi be-Windows, adlule ukuphepha kwesiphequluli.
Ukuba sengozini kusendleleni i-Internet Explorer ephatha ngayo amafayela e-MHTML, ngokuvamile lawo anesandiso esithi .mht noma .mhtml. Le fomethi isetshenziswa yi-Internet Explorer ngokuzenzakalelayo ekugcineni amakhasi ewebhu, futhi ikuvumela ukuthi ugcine konke okuqukethwe kwekhasi kanye nakho konke okuqukethwe kwemidiya njengefayela elilodwa. Okwamanje, iziphequluli eziningi zesimanje azisawagcini amakhasi ewebhu ngefomethi ye-MHT futhi zisebenzisa ifomethi ye-WEB evamile - i-HTML, kodwa zisasekela ukucubungula amafayela ngale fomethi, futhi zingayisebenzisela ukulondoloza ngezilungiselelo ezifanele noma ukusebenzisa izandiso.
Ukuba sengozini okutholwe u-John kungokwesigaba se-XXE (i-XML eXternal Entity) sobungozi futhi kuqukethe ukulungiselelwa okungalungile kwesibambi sekhodi ye-XML ku-Internet Explorer. “Lokhu kuba sengozini kuvumela umhlaseli wesilawuli kude ukuthi athole ukufinyelela kumafayela endawo omsebenzisi futhi, ngokwesibonelo, akhiphe ulwazi mayelana nenguqulo yesofthiwe efakwe ohlelweni,” kusho i-Page. "Ngakho umbuzo we-'c:Python27NEWS.txt' uzobuyisela inguqulo yalolo hlelo (umhumushi wePython kuleli cala)."
Njengoba ku-Windows wonke amafayela e-MHT evuleka ku-Internet Explorer ngokuzenzakalelayo, ukusebenzisa lobu bungozi kuwumsebenzi omncane njengoba umsebenzisi edinga kuphela ukuchofoza kabili ifayela eliyingozi elitholwe nge-imeyili, izinkundla zokuxhumana noma izithunywa ezisheshayo.
“Ngokuvamile, lapho udala isenzakalo sento ye-ActiveX, efana ne-Microsoft.XMLHTTP, umsebenzisi uzothola isexwayiso sokuvikeleka ku-Internet Explorer esizocela ukuqinisekiswa ukuze kusebenze okuqukethwe okuvinjiwe,” kuchaza umcwaningi. "Kodwa-ke, lapho uvula ifayela le-.mht elilungiselelwe kusengaphambili usebenzisa omaka bemakhaphu abaklanyelwe ngokukhethekile umsebenzisi ngeke athole izexwayiso mayelana nokuqukethwe okungase kube yingozi."
Ngokusho kwePage, uhlole ngempumelelo ubungozi enguqulweni yamanje yesiphequluli se-Internet Explorer 11 enazo zonke izibuyekezo zakamuva zokuphepha ezivuliwe Windows 7, Windows 10 kanye neWindows Server 2012 R2.
Mhlawumbe okuwukuphela kwezindaba ezinhle ekudalulweni komphakathi kwalokhu kuba sengcupheni ukuthi isabelo semakethe se-Internet Explorer esake saba khona manje sehle safinyelela ku-7,34% nje kuphela, ngokusho kwe-NetMarketShare. Kodwa njengoba iWindows isebenzisa i-Internet Explorer njengohlelo oluzenzakalelayo lokuvula amafayela e-MHT, abasebenzisi akudingeki ukuthi basethe i-IE njengesiphequluli sabo esizenzakalelayo, futhi basesengozini inqobo nje uma i-IE isekhona ezinhlelweni zabo futhi bengakhokhi. ukunaka amafayela efomethi yokulanda ku-inthanethi.
Emuva ngoMashi 27, uJohn wazisa iMicrosoft mayelana nalokhu kuba sengozini esipheqululini sabo, kodwa ngo-Ephreli 10, umcwaningi wathola impendulo evela enkampanini, lapho ibonise ukuthi ayizange ibheke le nkinga njengebucayi.
"Ukulungiswa kuzokhishwa kuphela ngenguqulo elandelayo yomkhiqizo," kusho iMicrosoft encwadini. "Okwamanje asinazo izinhlelo zokukhipha isixazululo kulolu daba."
Ngemuva kwempendulo ecacile evela ku-Microsoft, umcwaningi ushicilele imininingwane yokuba sengozini yosuku oluyi-zero kuwebhusayithi yakhe, kanye nekhodi yedemo nevidiyo ku-YouTube.
Nakuba ukuqaliswa kwalokhu kuba sengcupheni kungelula kangako futhi kudinga ukuthi ngandlela thize kuphoqe umsebenzisi ukuthi asebenzise ifayela le-MHT elingaziwa, lobu bungozi akumele buthathwe kalula naphezu kokushoda kwempendulo evela ku-Microsoft. Amaqembu e-Hacker asebenzise amafayela e-MHT ukuze enze ubugebengu bokweba imininingwane ebucayi kanye nokusabalalisa uhlelo olungayilungele ikhompuyutha esikhathini esidlule, futhi akukho okuzowavimba ekwenzeni kanjalo manje.
Kodwa-ke, ukuze ugweme lokhu kanye nokuba sengozini okuningi okufanayo, udinga nje ukunaka ukunwetshwa kwamafayela owathola ku-inthanethi futhi uwahlole nge-antivirus noma kuwebhusayithi ye-VirusTotal. Futhi ngokuphepha okungeziwe, vele usethe isiphequluli osithandayo ngaphandle kwe-Internet Explorer njengohlelo oluzenzakalelayo lwamafayela we-.mht noma .mhtml. Isibonelo, ku-Windows 10 lokhu kwenziwa kalula kumenyu ethi “Khetha izinhlelo zokusebenza ezijwayelekile zezinhlobo zamafayela”.
Source: 3dnews.ru