Re: DSO EXPLOITS - HELP! WHAT THE HECK ARE THEY?

From: Bruce Chambers (bruce_a_chambers_at_h0tmail.com)
Date: 08/27/04 

Date: Thu, 26 Aug 2004 19:47:29 -0600

Greetings --

    The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, or Service Pack 1, you're
safe. It would appear that the latest version of Spybot S&D is only
checking for Internet zone settings in the registry that could be used
as work-around protection, and not for the presence of any corrective
patches. Hopefully, the makers of Spybot will soon fix this bug.

 MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182

    If you like, you can test your system for this particular
vulnerability at this web site:
http://www.greymagic.com/security/advisories/gm001-ie/

    The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs

    In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit, to turn off the false alarm.

Bruce Chambers 

-- 
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
You can have peace. Or you can have freedom. Don't ever count on 
having both at once. - RAH
"JR" <anonymous@discussions.microsoft.com> wrote in message 
news:044d01c48bbe$787a3ae0$a401280a@phx.gbl...
>I have Windows XP and Spybot Search & Destroy installed.
> When I run spybot, it found DSO exploits with the
> description that 'there's a security hold in IE allowing
> websites to execute code without asking you first. You
> can find more information at
> http://security.greymagic.com/adv/gm001-ie/'
>
> If there are IE security holes wouldn't SP2 solve this?
> Spybot can't seem to get rid of this - how can I get rid
> of DSO exploits?
> Thanks.

Relevant Pages

  • Re: Spyware removal
    ... or any subsequent IE Cumulative Updates, or Service Pack 1, you're ... the makers of Spybot will soon fix this bug. ... 2002 Cumulative Patch for Internet Explorer ... Ignore Products> Security> DSO Exploit, to turn off the false alarm. ...
    (microsoft.public.windowsxp.general)
  • Re: DSO EXPLOIT?? (spybot)
    ... or any subsequent IE Cumulative Updates, or Service Pack 1, you're ... the makers of Spybot will soon fix this bug. ... 2002 Cumulative Patch for Internet Explorer ... > Searhing for spyware led me to the best software, ...
    (microsoft.public.windowsxp.security_admin)
  • Re: DSO exploit and IE 6
    ... or any subsequent IE Cumulative Updates, or Service Pack 1, you're ... the makers of Spybot will soon fix this bug. ... 2002 Cumulative Patch for Internet Explorer ... > download and it says I do have it cant install. ...
    (microsoft.public.windowsxp.general)
  • Re: DSO Exploit
    ... or any subsequent IE Cumulative Updates, or Service Pack 1, you're ... the makers of Spybot will soon fix this bug. ... 2002 Cumulative Patch for Internet Explorer ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Troublesome pests keeps reviving themselves
    ... or any subsequent IE Cumulative Updates, or Service Pack 1, you're ... the makers of Spybot will soon fix this bug. ... 2002 Cumulative Patch for Internet Explorer ... Ignore Products> Security> DSO Exploit, to turn off the false alarm. ...
    (microsoft.public.windowsxp.security_admin)
Quantcast