By Robert Vamosi
Posted on ZDNet News: Jun 5, 2002 8:05:00 AM

The Finnish security company Oy Online Solutions is reporting a buffer overflow in Microsoft Internet Explorer's Gopher client.

An attack can arrive via a link on a specially designed Web page or through a link in e-mail. Anyone who exploits this vulnerability can execute rogue code on systems running Internet Explorer 5.5 and 6. Oy Online Solutions has informed Microsoft of the problem, but no software solution is yet available from Microsoft. In the meantime, Oy Online Solutions suggests a workaround.

How it works
Although the protocol is somewhat archaic, Gopher is supported by recent versions of Internet Explorer. Developed in the early 1990s by the University of Minnesota (The Gophers), the Gopher protocol allows users to connect to directories and files available on Gopher servers. As with HTTP, Gopher pages are accessed by starting the desired address with Gopher://.

Details of the buffer overflow are not available, and no one has yet written an exploit that takes advantage of this vulnerability. Oy Online Solutions notes that an attack location for the Gopher exploit need not be a full Gopher server, but could be just a program that listens on a TCP port and that can write a block of malicious data.

Prevention
Oy Online Solutions suggests that users of Internet Explorer 5.5 and 6 disable the Gopher protocol within the browser. One solution is to create a Gopher proxy in Internet Options located under Tools on the status bar.

  1. From Tools > Internet Options > Connections, select LAN Settings.
  2. Check "Use a proxy server for your LAN."
  3. Click Advanced and define the Gopher text field as localhost and type 1 in the port text field.
  4. Click OK to save and exit.

For modem users not on a LAN, the Gopher proxy settings are located under Tools > Internet Options > Connections, then select Settings.

As a test, Oy Online Solutions offers this address: Gopher://www.solutions.fi:7000/0. If a text page displays, then you are not protected against this vulnerability.
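
The workaround above can also be checked from the saved settings rather than by browsing. The following is an added example, not part of the original article or of Oy Online Solutions' advisory: it parses a WinINET-style proxy string and reports whether Gopher is pointed at localhost port 1. The registry location, the function names and the sample strings are assumptions made for illustration.

```python
# Added example: audit WinINET proxy values for the Gopher workaround.
# Assumed source of the two inputs on Windows:
#   HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
#   (ProxyEnable DWORD, ProxyServer string). Sample strings are constructed.

LOOPBACK_HOSTS = {"localhost", "127.0.0.1"}
SINK_PORT = 1  # port the article's workaround tells users to enter


def parse_proxy_server(value):
    """Map scheme -> (host, port); '*' is a single proxy used for all protocols."""
    proxies = {}
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        scheme, sep, target = entry.partition("=")
        if not sep:  # "host:port" with no scheme applies to every protocol
            scheme, target = "*", entry
        target = target.split("://", 1)[-1]  # tolerate "http://host:port"
        host, _, port = target.partition(":")
        proxies[scheme.strip().lower()] = (
            host.strip().lower(),
            int(port) if port.strip().isdigit() else None,
        )
    return proxies


def gopher_workaround_status(proxy_enable, proxy_server):
    """Return (verdict, reason); verdict is protected, review or unprotected."""
    if not proxy_enable:
        return ("unprotected", "proxy use is off, so Gopher connects directly")
    proxies = parse_proxy_server(proxy_server or "")
    if "gopher" in proxies:
        host, port = proxies["gopher"]
        if host in LOOPBACK_HOSTS and port == SINK_PORT:
            return ("protected", "Gopher is routed to %s:%d" % (host, port))
        return ("review", "Gopher proxy is %s:%s, not localhost:1" % (host, port))
    if "*" in proxies:
        return ("review", "Gopher shares the all-protocol proxy %s:%s" % proxies["*"])
    return ("unprotected", "no proxy entry covers Gopher")


if __name__ == "__main__":
    for enable, server in [(1, "gopher=localhost:1"), (1, "proxy.example:8080"),
                           (1, "http=proxy.example:8080"), (0, "gopher=localhost:1")]:
        print(enable, repr(server), gopher_workaround_status(enable, server))
```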