CVE-2002-0371

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 5.1 through 6.0 Microsoft Proxy Server version 2.0 Microsoft ISA Server version 2000

Description A buffer overflow issue exists in the gopher client, allowing remote attackers to execute arbitrary code via a gopher:// URL. This URL redirects the user to a real or simulated gopher server that sends a long response.

Recommendations For Microsoft Internet Explorer versions 5.1 through 6.0, apply the necessary patch to fix the buffer overflow issue in the gopher client. For Microsoft Proxy Server version 2.0, restrict access to gopher:// URLs to minimize the risk of exploitation. For Microsoft ISA Server version 2000, consider disabling the gopher client functionality until a patch is available.