Ngaphambili thina
Ngokudabukisayo, u-Kolsek ekuqaleni akakwazanga ukukhiqiza kabusha ukuhlasela okuchazwe futhi kwaboniswa uJohn, lapho asebenzisa i-Internet Explorer esebenza ku-Windows 7 ukulanda bese evula ifayela elinonya le-MHT. Nakuba umphathi wenqubo yakhe ebonisa ukuthi i-system.ini, okwakuhlelelwe ukuthi yebiwe kuye, yafundwa umbhalo ofihliwe efayeleni le-MHT, kodwa ayizange ithunyelwe kuseva ekude.
"Lokhu kubukeka njengesimo sakudala se-Web," kubhala u-Kolsek. “Lapho ifayela lamukelwe livela ku-inthanethi, izinhlelo zokusebenza ze-Windows ezisebenza kahle njengeziphequluli zewebhu namaklayenti e-imeyili engeza ilebula kufayela elinjalo efomini.
Umcwaningi uqinisekise ukuthi i-IE empeleni isetha ilebula enjalo yefayela le-MHT elilandiwe. U-Kolsek wabe esezama ukulanda ifayela elifanayo esebenzisa i-Edge futhi alivule ku-IE, okuhlala kuwuhlelo oluzenzakalelayo lwamafayela e-MHT. Ngokungalindelekile, ukuxhaphaza kwasebenza.
Okokuqala, umcwaningi uhlole i-“mark-of-the-Web”, kwavela ukuthi i-Edge ibuye igcine umthombo wemvelaphi yefayela kokunye ukusakazwa kwedatha ngaphezu kwesihlonzi sezokuphepha, esingase siphakamise imibuzo ethile mayelana nobumfihlo balokhu. indlela. U-Kolsek ucabange ukuthi imigqa eyengeziwe ingase idide i-IE futhi iyivimbele ekufundeni i-SID, kodwa njengoba kuvela, inkinga yayikwenye indawo. Ngemva kokuhlaziya isikhathi eside, uchwepheshe wezokuphepha uthole imbangela ekufakweni okubili ohlwini lokulawula ukufinyelela okwengeze ilungelo lokufunda ifayela le-MHT kusevisi yesistimu ethile, u-Edge ayengeze lapho ngemva kokuyilayisha.
U-James Foreshaw ovela ethimbeni elizinikele lezinsuku eziyiziro labasengozini - Google Project Zero -
Okulandelayo, umcwaningi wayefuna ukuqonda kangcono ukuthi yini ebangela ukuthi uhlelo lwezokuphepha lwe-IE lwehluleke. Ukuhlaziywa okujulile kusetshenziswa insiza ye-Process Monitor kanye ne-IDA disassembler ekugcineni kwembule ukuthi ukulungiswa kwesethi ye-Edge kuvimbele umsebenzi we-Win Api i-GetZoneFromAlternateDataStreamEx ekufundeni ukusakaza kwefayela le-Zone.Identifier futhi kubuyise iphutha. Ku-Internet Explorer, iphutha elinjalo lapho kucelwa ilebula yezokuphepha yefayela bekungalindelekile nhlobo, futhi, ngokusobala, isiphequluli sicabange ukuthi iphutha lilingana neqiniso lokuthi ifayela alinalo uphawu “lophawu lwewebhu”, okwenza ukuthi ithenjwe ngokuzenzakalelayo, ngemva kokuthi kungani i-IE ivumele iskripthi esifihlwe kufayela le-MHT ukuthi sisebenzise futhi sithumele ifayela lendawo eliqondiwe kuseva ekude.
"Uyayibona indida lapha?" Kubuza uKolsek. "Isici sokuphepha esingabhaliwe esisetshenziswe yi-Edge sinciphise isici esikhona, ngokungangabazeki esibaluleke kakhulu (umaka-we-Web) ku-Internet Explorer."
Ngaphandle kokubaluleka okukhuphukile kokuba sengozini, okuvumela iskripthi esinonya ukuthi sisetshenziswe njengesikripthi esithenjwayo, akukho nkomba yokuthi iMicrosoft ihlose ukulungisa iphutha noma nini maduze, uma sike salungiswa. Ngakho-ke, sisancoma ukuthi, njengaku-athikili edlule, uguqule uhlelo oluzenzakalelayo lokuvula amafayela we-MHT kunoma yisiphi isiphequluli sesimanje.
Yiqiniso, ucwaningo lukaKolsek aluzange luhambe ngaphandle kwe-self-PR encane. Ekupheleni kwesihloko, ubonise isiqeshana esincane esibhalwe ngolimi lomhlangano esingasebenzisa insizakalo ye-0patch eyakhiwe inkampani yakhe. I-0patch ithola ngokuzenzakalelayo isofthiwe esengozini kukhompuyutha yomsebenzisi futhi isebenzise iziqephu ezincane kuyo ngokoqobo uma undiza. Isibonelo, esimweni esisichazile, i-0patch izongena esikhundleni somlayezo wephutha kumsebenzi we-GetZoneFromAlternateDataStreamEx ngenani elihambisana nefayela elingathenjwa elitholwe kunethiwekhi, ukuze i-IE ingavumeli noma yiziphi izikripthi ezifihliwe ukuthi zifakwe ngokuhambisana ne-built- kunqubomgomo yezokuphepha.
Source: 3dnews.ru