DSO Exploit - Spybot "fixes" but doesn't seem to actually fix...

Discussion in 'other security issues & news' started by username, Jul 14, 2004.

Thread Status:
Not open for further replies.
  1. username

    username Registered Member

    Joined:
    May 31, 2004
    Posts:
    27
    Spybot tells me that I have a "DSO Exploit", which seems to be some exploit of MS-IE and/or Outlook. It suggests I look it at security.greymagic.com/adv/gm001-ie . That link discusses some issues concerning active scripting and dynamically injected html code, etc. etc. witht he bottom line being to do the following:

    ____________________________________
    There is no configuration-tweaking workaround for this bug, it will work as long as the browser parses HTML. The only possible solution must come in the form of a patch from Microsoft.

    Update - 3 Mar 2002

    Since the injected <object> runs in the "My Computer" Zone changing the Internet Zone's settings didn't affect it, but changing the correct zone's settings will prevent this exploit from running.

    Here is the registry information:

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
    Change the value of "1004" (DWORD) to 3.

    Many thanks to Axel Pettinger and Garland Hopkins for this workaround.
    ____________________________________________________

    Does any one have any insight or similar experiences?

    Can you please tell me whether the above is good advice and how specifically I can edit the keys if it's good advice (e.g., with regedit or regedit4??) ?
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,873
    Location:
    New England
    Here are a couple threads on this issue. The fact that Spybot finds the problem but can't fix it, is just a bug in Spybot v1.3. You can ignore it if you are current with Windows Update patches. (In fact, the patch for this came out about 2 years ago, so if you've done Windows Updates in the last year, you are probably no longer vulnerable to the exploit regardless of the setting Spybot finds).

    https://www.wilderssecurity.com/showthread.php?t=32387

    https://www.wilderssecurity.com/showthread.php?t=39557
     
Loading...
Thread Status:
Not open for further replies.