Re: DSO EXPLOITS - HELP! WHAT THE HECK ARE THEY?

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 08/27/04


Date: Thu, 26 Aug 2004 21:56:28 -0400

Yep, the URLs on that page will definitely test the Exploit as shown by McAfee Enterprise v7.1

8/26/2004 9:53:29 PM Delete failed (Clean failed) DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\FZ4HCZOS\simplebind[1].htm Exploit-CodeBase.gen
8/26/2004 9:54:17 PM Deleted DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\X13KYM0K\advbind[1].htm Exploit-CodeBase.gen

Dave

"Bruce Chambers" <bruce_a_chambers@h0tmail.com> wrote in message
news:OLslQf9iEHA.2908@TK2MSFTNGP10.phx.gbl...
| Greetings --
|
| The DSO exploit was patched long ago by IE Cumulative Update
| MS02-015, in March of 2002. If you've installed this specific patch,
| or any subsequent IE Cumulative Updates, or Service Pack 1, you're
| safe. It would appear that the latest version of Spybot S&D is only
| checking for Internet zone settings in the registry that could be used
| as work-around protection, and not for the presence of any corrective
| patches. Hopefully, the makers of Spybot will soon fix this bug.
|
| MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
| http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182
|
| If you like, you can test your system for this particular
| vulnerability at this web site:
| http://www.greymagic.com/security/advisories/gm001-ie/
|
| The makers of SpyBot S&D have acknowledged the problem and will
| fix it on their next update:
| http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs
|
| In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
| Ignore Products > Security > DSO Exploit, to turn off the false alarm.
|
|
| Bruce Chambers
| --
| Help us help you:
| http://dts-l.org/goodpost.htm
| http://www.catb.org/~esr/faqs/smart-questions.html
|
| You can have peace. Or you can have freedom. Don't ever count on
| having both at once. - RAH
|
|
| "JR" <anonymous@discussions.microsoft.com> wrote in message
| news:044d01c48bbe$787a3ae0$a401280a@phx.gbl...
| > I have Windows XP and Spybot Search & Destroy installed.
| > When I run spybot, it found DSO exploits with the
| > description that 'there's a security hole in IE allowing
| > websites to execute code without asking you first. You
| > can find more information at
| > http://security.greymagic.com/adv/gm001-ie/'
| >
| > If there are IE security holes wouldn't SP2 solve this?
| > Spybot can't seem to get rid of this - how can I get rid
| > of DSO exploits?
| > Thanks.
|
|


