Security holes in IE 6.0

Cyberm4n
June 6th, 2002, 01:16 PM

Finnish researchers Oy Online ( http://www.solutions.fi/index.cgi/?lang=eng ) have discovered a way to root a Windows box using a gopher URL to cause a buffer overflow in the IE Gopher client.

"A test exploit has been successfully used to run arbitrary code without user intervention with various IE versions and systems including IE 5.5 and 6.0," the group says.

A link in a Web page or an e-mail could lure a person to a malicious Gopher server. While these may be a rare bit of Internet fauna these days, malicious or not, it's not actually necessary to use a fully-functioning one. Any program listening on a TCP port with the ability to write a block of data can get the job done.

MS says they're working on a patch but have offered no estimated release date.

For a quick workaround Oy Online recommends simply using a broken proxy for Gopher in IE settings. See their advisory here ( http://www.solutions.fi/index.cgi/ne...06_04?lang=eng ) for simple instructions, and additional details.
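A defensive check for the lure described in the post above, as an added example that is not part of the original thread: it scans HTML (a web page or an HTML e-mail body) for attributes that would send a browser to a gopher:// URL. The attribute list, function names, sample markup and host names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that can make a browser fetch or navigate to a URL (illustrative list).
URL_ATTRS = {"href", "src", "action", "background", "data", "codebase"}
REFRESH_URL = re.compile(r"url\s*=\s*['\"]?([^'\";]+)", re.I)

def is_gopher(url):
    # Browsers ignore surrounding whitespace and embedded tab/CR/LF;
    # the scheme is case-insensitive.
    cleaned = re.sub(r"[\t\r\n]", "", url).strip()
    try:
        return urlsplit(cleaned).scheme.lower() == "gopher"
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return cleaned.lower().startswith("gopher:")

class GopherLinkFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases names and decodes entities in attribute
        # values, so "&#103;opher://" arrives here as "gopher://".
        attrs = [(k, v) for k, v in attrs if v]
        for name, value in attrs:
            if name in URL_ATTRS and is_gopher(value):
                self.hits.append((tag, name, value.strip()))
        d = dict(attrs)
        if tag == "meta" and d.get("http-equiv", "").lower() == "refresh":
            m = REFRESH_URL.search(d.get("content", ""))
            if m and is_gopher(m.group(1)):
                self.hits.append((tag, "content", m.group(1).strip()))

def find_gopher_links(html):
    finder = GopherLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample input; all hosts are placeholders.
SAMPLE = """
<a href="http://www.example.com/">ok</a>
<a href="GoPhEr://files.example.net:70/1">docs</a>
<img src="&#103;opher://img.example.net/9pic">
<meta http-equiv="refresh" content="0; url=gopher://redir.example.net/">
<p>The text gopher:// in a paragraph is not a link.</p>
"""

if __name__ == "__main__":
    for hit in find_gopher_links(SAMPLE):
        print(hit)
```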
Shmad
June 7th, 2002, 10:23 AM

Thanks for the heads up on this issue. It's greatly appreciated by myself and most Canadian Content users. Keep em coming!
Anonymous
February 7th, 2003, 11:36 PM

Guys,

Anasoft, a UK program, is trying to get into your machine on port 1084.

So watch out for intruders.