Feeds

Gopher holes in IE

Blast from the past

  • alert
  • submit to reddit

Gartner critical capabilities for enterprise endpoint backup

Finnish researchers Oy Online have discovered a way to root a windows box using a gopher URL to cause a buffer overflow in the IE Gopher client.

"A test exploit has been successfully used to run arbitrary code without user intervention with various IE versions and systems including IE 5.5 and 6.0," the group says.

A link in a Web page or an e-mail could lure a person to a malicious Gopher server. While these may be a rare bit of Internet fauna these days, malicious or not, it's not actually necessary to use a fully-functioning one. Any program listening on a TCP port with the ability to write a block of data can get the job done.

MS says they're working on a patch but have offered no estimated release date.

For a quick workaround Oy Online recommends simply using a broken proxy for Gopher in IE settings. See their advisory here for simple instructions, and additional details. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Why has the web gone to hell? Market chaos and HUMAN NATURE
Tim Berners-Lee isn't happy, but we should be
Mozilla's 'Tiles' ads debut in new Firefox nightlies
You can try turning them off and on again
Microsoft boots 1,500 dodgy apps from the Windows Store
DEVELOPERS! DEVELOPERS! DEVELOPERS! Naughty, misleading developers!
'Stop dissing Google or quit': OK, I quit, says Code Club co-founder
And now a message from our sponsors: 'STFU or else'
Apple promises to lift Curse of the Drained iPhone 5 Battery
Have you tried turning it off and...? Never mind, here's a replacement
Uber, Lyft and cutting corners: The true face of the Sharing Economy
Casual labour and tired ideas = not really web-tastic
Linux turns 23 and Linus Torvalds celebrates as only he can
No, not with swearing, but by controlling the release cycle
prev story

Whitepapers

Gartner critical capabilities for enterprise endpoint backup
Learn why inSync received the highest overall rating from Druva and is the top choice for the mobile workforce.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.