Feeds

Gopher holes in IE

Blast from the past

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

Finnish researchers Oy Online have discovered a way to root a windows box using a gopher URL to cause a buffer overflow in the IE Gopher client.

"A test exploit has been successfully used to run arbitrary code without user intervention with various IE versions and systems including IE 5.5 and 6.0," the group says.

A link in a Web page or an e-mail could lure a person to a malicious Gopher server. While these may be a rare bit of Internet fauna these days, malicious or not, it's not actually necessary to use a fully-functioning one. Any program listening on a TCP port with the ability to write a block of data can get the job done.

MS says they're working on a patch but have offered no estimated release date.

For a quick workaround Oy Online recommends simply using a broken proxy for Gopher in IE settings. See their advisory here for simple instructions, and additional details. ®

Beginner's guide to SSL certificates

More from The Register

next story
Nexus 7 fandroids tell of salty taste after sucking on Google's Lollipop
Web giant looking into why version 5.0 of Android is crippling older slabs
Be real, Apple: In-app goodie grab games AREN'T FREE – EU
Cupertino stands down after Euro legal threats
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Bada-Bing! Mozilla flips Firefox to YAHOO! for search
Microsoft system will be the default for browser in US until 2020
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.