Sponsored Links

Gopher holes in Internet Explorer

Mel

0
Sorry about the bad pun :o

Microsoft security bulletin
Unchecked Buffer in Gopher Protocol Handler Can Run Code of Attacker's Choice (Q323889)

Date: 11 June 2002
Software: Internet Explorer, Proxy Server, Internet Security and
Acceleration Server
Impact: Run Code of Attacker's Choice
Max Risk: Critical
Bulletin: MS02-027

No official patch is available yet.
Microsoft suggest setting your firewall to block TCP port 70 while they sort it.
(Gopher is a legacy protocol)

or this -
******************
Right Click on Internet Explorer(IE) Icon on the
Desktop or while IE is open, Click on "Tools" and select "Internet Options"

Click on the "Connections" Tab

Click on the "LAN Settings..." button
Uncheck “automatically detect settings”
If "automatic configuration script" is set, check with your administrator if gopher server is called out.
Check the "Use proxy server for your LAN..." Checkbox
Click on the "Advanced..." button
Ensure “use the same proxy server for all protocols” is unchecked.
In the "Proxy addresses to use" textbox next to the word Gopher, Type "LocalHost"
In the "Port" textbox next to the Gopher protocol, Type "1"
Click 'OK' until the Internet Options Menu disappears.

Dialup users can find the proxy settings by selecting a dialup connection under "Dialup settings" and clicking "Settings...".

<a href="http://gopher://www.solutions.fi:7000/0" target="_blank">Click this to test</a>
***************
For full details see-

<a href="http://www.microsoft.com/technet/security/bulletin/MS02-027.asp" target="_blank">http://www.microsoft.com/technet/security/bulletin/MS02-027.asp</a>

A clearer explaination is available here

<a href="http://www.solutions.fi/index.cgi/news_2002_06_04?lang=en" target="_blank">http://www.solutions.fi/index.cgi/news_2002_06_04?lang=en</a>

& there is also a third party patch available if you follow the unpatched link in this thread (I haven't tried it)

<a href="http://www.ispreview.co.uk/ubb2/ultimatebb.php?ubb=get_topic;f=216;t=000010" target="_blank">http://www.ispreview.co.uk/ubb2/ultimatebb.php?ubb=get_topic;f=216;t=000010</a>

<small>[ 12-06-2002, 09:54 PM: Message edited by: Mel ]</small>
 
Top
Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £22.99
132Mbps
Gift: None
Vodafone UK ISP Logo
Vodafone £24.00 - 26.00
150Mbps
Gift: None
NOW UK ISP Logo
NOW £24.00
100Mbps
Gift: None
Plusnet UK ISP Logo
Plusnet £25.99
145Mbps
Gift: £50 Reward Card
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £17.00
200Mbps
Gift: None
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £22.99
132Mbps
Gift: None
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
Youfibre UK ISP Logo
Youfibre £23.99
150Mbps
Gift: None
Large Availability | View All
Sponsored Links
The Top 15 Category Tags
  1. FTTP (6028)
  2. BT (3639)
  3. Politics (2721)
  4. Business (2440)
  5. Openreach (2405)
  6. Building Digital UK (2330)
  7. Mobile Broadband (2146)
  8. FTTC (2083)
  9. Statistics (1902)
  10. 4G (1816)
  11. Virgin Media (1764)
  12. Ofcom Regulation (1582)
  13. Fibre Optic (1467)
  14. Wireless Internet (1462)
  15. 5G (1407)
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules