A researcher has uncovered strange and unexpected behavior in Windows 10 that allows remote attackers to steal data stored on hard drives when a user opens a malicious file downloaded with the Edge browser.

Page claimed that when using the file manager to open a maliciously crafted MHT file downloaded with Internet Explorer, the browser uploaded one or more files to a remote server.

Below this paragraph in Page's post was a video demonstration of the proof-of-concept exploit Page created.

“This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information,” Page wrote.

“Example, a request for ‘c:\Python27\NEWS.txt’ can return version information for that program.”

Beware of XML external entity attacks

The text above is a summary, you can read full article here.