Techno-News Blog Ray Schroeder, editor, OTEL - University of Illinois at Springfield |
|
|
Technology News for Higher Education Times and Dates Coordinated Universal Time
Subscribe to Techno-News Blog by Email
|
Thursday, June 06, 2002
http://www.infoworld.com/articles/hn/xml/02/06/05/020605hngopher.xml New IE flaw enables remote PC attacks David Legard ANOTHER SECURITY FLAW identified in Microsoft's IE 5.5 and 6.0 Web browsers has the potential to give a remote user access to a host computer, according to security company Online Solutions. The attack exploits IE's built-in gopher client. Gopher is a nearly obsolete protocol for accessing remote directories and files which has been largely superseded by the Web and Hypertext Transfer Protocol (HTTP). The part of code in IE which parses gopher replies contains an exploitable buffer overflow bug. A malicious server may be used to run arbitrary code on an IE user's system, Online Solutions said in a security advisory issued Tuesday. The attack can be launched via a Web page or an HTML mail message which redirects the user to a malicious gopher server when the user views them. The exploiter could do anything that a regular user could do on the system -- retrieve, install, or remove files, upload and run programs....
Comments:
Post a Comment
|
