{"id":10541,"date":"2025-10-14T13:28:22","date_gmt":"2025-10-14T06:28:22","guid":{"rendered":"https:\/\/infosec.new88088.net\/?p=10541"},"modified":"2026-02-05T13:28:29","modified_gmt":"2026-02-05T06:28:29","slug":"hacker-khai-thac-loi-zero-day-trong-ie-mode-de-kiem-soat-thiet-bi-nguoi-dung","status":"publish","type":"post","link":"https:\/\/infosec.new88088.net\/2025\/10\/14\/hacker-khai-thac-loi-zero-day-trong-ie-mode-de-kiem-soat-thiet-bi-nguoi-dung\/","title":{"rendered":"Hacker khai th\u00e1c l\u1ed7i zero-day trong IE Mode \u0111\u1ec3 ki\u1ec3m so\u00e1t thi\u1ebft b\u1ecb ng\u01b0\u1eddi d\u00f9ng"},"content":{"rendered":"

Gi\u1eefa l\u00fac Internet Explorer (IE) \u0111\u00e3 ch\u00ednh th\u1ee9c \u201cngh\u1ec9 h\u01b0u\u201d, m\u1ed9t chi\u1ebfn d\u1ecbch t\u1ea5n c\u00f4ng m\u1ea1ng tinh vi m\u1edbi l\u1ea1i b\u1ea5t ng\u1edd khai th\u00e1c ch\u00ednh t\u00ednh n\u0103ng IE Mode trong tr\u00ecnh duy\u1ec7t Microsoft Edge, v\u1ed1n \u0111\u01b0\u1ee3c t\u1ea1o ra \u0111\u1ec3 gi\u00fap ng\u01b0\u1eddi d\u00f9ng truy c\u1eadp c\u00e1c trang web c\u0169.<\/b><\/p>\n

\"1760431565760.png\"<\/a>\u200b<\/div>\n

Chi\u1ebfn d\u1ecbch tinh vi n\u00e0y xu\u1ea5t hi\u1ec7n v\u00e0o th\u00e1ng 8\/2025 l\u1ee3i d\u1ee5ng t\u00ednh n\u0103ng Internet Explorer (IE) mode trong Microsoft Edge. V\u1ec1 c\u01a1 b\u1ea3n, k\u1ebb t\u1ea5n c\u00f4ng kh\u00f4ng \u0111\u00e1nh th\u1eb3ng v\u00e0o Chrome\/Edge hi\u1ec7n \u0111\u1ea1i m\u00e0 d\u1ee5 n\u1ea1n nh\u00e2n chuy\u1ec3n trang sang IE mode (m\u00f4i tr\u01b0\u1eddng c\u0169, y\u1ebfu v\u1ec1 b\u1ea3o m\u1eadt), r\u1ed3i k\u00edch ho\u1ea1t l\u1ed7i zero-day trong Chakra (m\u00e1y th\u1ef1c thi JavaScript c\u1ee7a IE) \u0111\u1ec3 chi\u1ebfm quy\u1ec1n \u0111i\u1ec1u khi\u1ec3n, cho th\u1ea5y tin t\u1eb7c \u0111ang ng\u00e0y c\u00e0ng s\u00e1ng t\u1ea1o khi bi\u1ebft c\u00e1ch bi\u1ebfn m\u1ed9t c\u00f4ng c\u1ee5 t\u01b0\u01a1ng th\u00edch t\u01b0\u1edfng nh\u01b0 v\u00f4 h\u1ea1i th\u00e0nh v\u0169 kh\u00ed t\u1ea5n c\u00f4ng l\u1ee3i h\u1ea1i.<\/p>\n

Hacker \u0111\u00e3 l\u1ee3i d\u1ee5ng IE Mode nh\u01b0 th\u1ebf n\u00e0o?\u200b<\/h3>\n

B\u01b0\u1edbc 1: Gi\u0103ng b\u1eaby t\u00e2m l\u00fd, d\u1eabn d\u1ee5 ng\u01b0\u1eddi d\u00f9ng t\u1ef1 chuy\u1ec3n sang IE Mode\u200b<\/h4>\n

Tin t\u1eb7c \u0111\u1ea7u ti\u00ean d\u1ef1ng l\u00ean c\u00e1c trang web gi\u1ea3 m\u1ea1o tr\u00f4ng gi\u1ed1ng h\u1ec7t c\u00e1c trang ch\u00ednh th\u1ed1ng, nh\u01b0: C\u1ed5ng d\u1ecbch v\u1ee5 c\u00f4ng, ph\u1ea7n m\u1ec1m doanh nghi\u1ec7p hay trang camera an ninh, v\u1ed1n th\u01b0\u1eddng y\u00eau c\u1ea7u d\u00f9ng IE \u0111\u1ec3 hi\u1ec3n th\u1ecb ch\u00ednh x\u00e1c.<\/p>\n

Khi ng\u01b0\u1eddi d\u00f9ng truy c\u1eadp, m\u1ed9t th\u00f4ng b\u00e1o b\u1eadt l\u00ean (flyout notification) s\u1ebd xu\u1ea5t hi\u1ec7n, y\u00eau c\u1ea7u h\u1ecd \u201ct\u1ea3i l\u1ea1i trang b\u1eb1ng ch\u1ebf \u0111\u1ed9 Internet Explorer \u0111\u1ec3 t\u01b0\u01a1ng th\u00edch t\u1ed1t h\u01a1n\u201d.<\/p>\n

H\u00e0nh \u0111\u1ed9ng t\u01b0\u1edfng ch\u1eebng v\u00f4 h\u1ea1i n\u00e0y l\u1ea1i khi\u1ebfn tr\u00ecnh duy\u1ec7t chuy\u1ec3n t\u1eeb m\u00f4i tr\u01b0\u1eddng an to\u00e0n c\u1ee7a Edge sang n\u1ec1n IE l\u1ed7i th\u1eddi, n\u01a1i c\u00e1c l\u1edbp ph\u00f2ng v\u1ec7 b\u1ea3o m\u1eadt g\u1ea7n nh\u01b0 kh\u00f4ng c\u00f2n.<\/p>\n

B\u01b0\u1edbc 2: Khai th\u00e1c l\u1ed7 h\u1ed5ng zero-day trong nh\u00e2n JavaScript c\u1ee7a IE\u200b<\/h4>\n

Ngay khi ng\u01b0\u1eddi d\u00f9ng k\u00edch ho\u1ea1t IE Mode, m\u00e3 \u0111\u1ed9c zero-day s\u1ebd \u0111\u01b0\u1ee3c k\u00edch ho\u1ea1t, khai th\u00e1c l\u1ed7 h\u1ed5ng trong Chakra Engine – b\u1ed9 x\u1eed l\u00fd JavaScript c\u0169 c\u1ee7a Internet Explorer.<\/p>\n

L\u1ed7 h\u1ed5ng n\u00e0y cho ph\u00e9p tin t\u1eb7c ch\u00e8n v\u00e0 th\u1ef1c thi m\u00e3 \u0111\u1ed9c t\u1eeb xa, chi\u1ebfm quy\u1ec1n \u0111i\u1ec1u khi\u1ec3n tr\u00ecnh duy\u1ec7t.<\/p>\n

B\u01b0\u1edbc 3: Leo thang \u0111\u1eb7c quy\u1ec1n – chi\u1ebfm to\u00e0n quy\u1ec1n \u0111i\u1ec1u khi\u1ec3n h\u1ec7 th\u1ed1ng\u200b<\/h4>\n

Sau khi \u0111\u00e3 chi\u1ebfm quy\u1ec1n trong m\u00f4i tr\u01b0\u1eddng tr\u00ecnh duy\u1ec7t, k\u1ebb t\u1ea5n c\u00f4ng tri\u1ec3n khai payload th\u1ee9 hai \u0111\u1ec3 tho\u00e1t kh\u1ecfi \u201ch\u1ed9p c\u00e1t\u201d (sandbox) b\u1ea3o v\u1ec7 c\u1ee7a Edge.
\nT\u1eeb \u0111\u00f3, ch\u00fang c\u00f3 th\u1ec3:<\/p>\n