New IE gopher flaw enables remote PC attacks
The bug could allow a remote user to gain access to a host computer.
IDG News Service - Another security flaw identified in Microsoft Corp.'s Internet Explorer 5.5 and 6.0 Web browsers has the potential to give a remote user access to a host computer, according to a Finnish security company.
The attack exploits IE's built-in gopher client. Gopher, a nearly obsolete protocol for accessing remote directories and files, has been largely superseded by the Web and HTTP.
The code in IE that parses gopher replies contains an exploitable buffer overflow bug. A malicious server could be used to run arbitrary code on an IE user's system, Online Solutions Oy said in a security advisory issued yesterday.
The attack can be launched via a Web page or an HTML mail message that redirects the user to a malicious gopher server when the user views them. The exploiter could do anything a regular user could do on the system -- retrieve, install or remove files, or upload and run programs.
IE users can protect themselves from the flaw by disabling the gopher protocol. Since very few gopher servers still exist on the Internet today, this is unlikely to cause operational problems, the company said.
Jyvaskyla, Finland-based Online Solutions said it informed Microsoft of the vulnerability May 20 and that Microsoft has indicated that it's working on a patch.
A Microsoft spokesman said the Microsoft Security Response Center is investigating the issue, just as the company does with every report it receives of security vulnerabilities affecting Microsoft products.
"At this point in the investigation we feel strongly that speculating on the issue while the investigation is in progress would be irresponsible and counterproductive to our goal of protecting our customers' information," the spokesman said.
"Microsoft is moving forward on the investigation with all due speed and, when it is completed, we will take the action that best serves Microsoft's customers," the spokesman said.
The spokesman said Microsoft was concerned with the way the report of this vulnerability was handled. He said publishing the report could put computer users at risk -- or at the very least could cause needless confusion and apprehension. He said responsible security researchers work with the vendor of a suspected vulnerability to ensure that a patch is developed before the issue is made public.
Until a patch is released, Online Solutions suggests that users follow a simple way to disable processing and displaying gopher pages by defining a nonfunctional gopher proxy in the Internet Options menu.
Users should select Tools -> Internet options -> Connections; click on "LAN settings"; check "Use a proxy server for your LAN"; click on "Advanced..."; in this area, where users can define proxy servers to be used with different protocols, go to the gopher text field and enter "localhost", and "1" in the port text field. This will stop IE from fetching any gopher documents, the company said.
Linda Rosencrance of Computerworld contributed to this report.



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Reducing the Cost and Complexity of Web Vulnerability Management
- Hackers and cybercriminals are constantly refining their attacks and targets; which means you need agile tools to stay ahead of them.
Download this... - Overcome Top 7 Admin Challenges of Active Directory
- As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable,...
- Insiders Can Ruin Your Company. Take Action.
- Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in...
- Top Solutions and Tools to Prevent Devastating Malware
- Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring...
- Streamline Compliance and Increase ROI
- Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will... All Malware and Vulnerabilities White Papers
- Optimizing Networks for the Cloud
- Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
- Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
- Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
- Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
- Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and...
- Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on VMware
- Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn...
- Virtualize Business-Critical Applications with Confidence
- Virtualizing business-critical applications has become a key focus for organizations as they move along their virtualization journey. With the launch of VMware vSphere®... All Malware and Vulnerabilities Webcasts