Online business Toolkit

Experts warn of IE Gopher hole

Tags:
Gopher,
Internet Protocol,
Vulnerability,
Internet Explorer

Joe Wilcox, CNET News.com CNET News

Published: 06 Jun 2002 07:32 BST

A Finnish security company on Tuesday warned that hackers could exploit an outdated, little-used Internet protocol to seize control of computers running Microsoft's Internet Explorer Web browser.

The new exploit involves Gopher, a protocol for fetching data on remote servers popular before the explosive growth of the Internet. Gopher has largely disappeared from use, for the most part replaced by the HTTP protocol accessed using Web browsers.

But IE still supports the archaic protocol, which can be used to exploit a buffer overflow bug and expose a client computer to a server running malicious code. A hacker could then seize control of the client computer, with full ability to access data, copy files or install programs, among other tasks.

Oy Online Solutions uncovered the new security vulnerability on 20 May, according to a posting on the company's Web site. Microsoft, which could not be reached for comment, has yet to issue a security warning on this issue.

The new vulnerability is just one in a recent string of Microsoft security problems, despite increased emphasis on security and vulnerability following a companywide memo from chairman Bill Gates in January.

The new exploit is in some ways insidious because the user does not have to actively connect to a Gopher server, according to Oy Online. Code inserted in a Web page or even HTML email could redirect the IE user's computer to a Gopher server. The security company, which reproduced the flaw in IE 5.5 and IE 6.0, warned that a hacker would not even need to run a full Gopher server to take advantage of the security hole.

Oy Online recommends that until Microsoft releases a patch, IE 5.5 and 6.0 users should disable Gopher by going to the Tools menu and accessing "LAN Settings" under "Connections." They should then open the "Use proxy server for your LAN" box and access the "Advanced Tab." Finally, users should go to the Gopher text field and enter "localhost" and "1" in the port setting box.

Interestingly, this compels users to check the proxy server box, which is off by default.

"Yes, the browser is vulnerable by default when the proxy setting is off," Oy Online managing director Jyrki Salmi said. "The browser can be vulnerable also when the proxy setting is on if the proxy passes the hostile code unchanged. We have not investigated any particular proxy servers on this issue."

Salmi warned that Oy Online's workaround is a quick fix that needs to be addressed by Microsoft.

"We are just instructing users to use the proxy setting to explicitly deny all Gopher connections from the browser because there is no other way to do it to our knowledge," he explained. We asked for other ways from Microsoft, but they refused to answer our question."

Other recent Microsoft security problems include a pair of problems affecting how IE handles cookie files, an IE cross-scripting bug, a buffer overflow exposing MSN Messenger and Windows Messenger to hackers, and a potential breach of MSN Messenger's chat features.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.