Re: DSO Exploit
From: Karl Levinson [x y], mvp (levinson_k@despammed.com)
Date: 04/19/03
- Previous message: bferg@wi.rr.com: "Network Icons are gone"
- In reply to: Blue Event Horizon: "DSO Exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Karl Levinson [x y], mvp" <levinson_k@despammed.com> Date: Sat, 19 Apr 2003 16:59:00 -0400
Sorry, I think you're best off either contacting the company that made the
software that detected this [was it Spybot?] or search www.google.com or
www.google.com/advanced_group_search. DSO Exploit means a lot of different
things, refers to more than one exploit. It looks to me like Spybot is just
looking at your registry setting corresponding to a particular IE security
value, and saying that it is not the optimal value due to some known
vulnerabilities. It does not sound like any particular attack or spyware
was detected, just a vulnerability. Consider changing the relevant setting
[e.g. relating to IE Zones, if I read correctly] and also install all
windows patches at www.windowsupdate.com just in case one of them helps
here. Installing IE6 and Office XP / 2002 or the Outlook Security Update
changes the default internet zone and so may stop this exploit.
http://security.greymagic.com/adv/gm001-ie/
If I read correctly, this issue is that a computer could be sent an email or
somehow tricked into running code hosted on a hostile web site, and either
of these could allow an attacker to remotely run commands on your computer.
Because of these attack vectors, you're probably not going to be too likely
to encounter this sort of attack in real life, unless tied to a worm
"virus," in which case running antivirus software with the latest updates,
like www.grisoft.com which is free, could help as well.
Regardless, best security practices still remain the same:
http://securityadmin.info/faq.htm#harden
If you haven't already at least done some of the things listed at the link
above such as antivirus, firewall, installed updates, hardening checklists,
etc., then you really shouldn't waste time worrying about this.
"Blue Event Horizon" <invalid@nospamneeded.com> wrote in message
news:I0ioa.32523$4P1.2928417@newsread2.prod.itd.earthlink.net...
> Can someone explain very simply what this DSO Exploit Spybot finds is,
> what they think is the best response and why. I've read the web
> referenced info from the description but am still not clear about the
> subject. I have Windows Me, IE 5.5, Norton Internet Security 2002 and
> higher security settings in IE than the defaults. I know approximately
> nothing about Registry and related subjects and don't want to make any
> changes I'll regret. I've copied from the results of a search and
> pasted that information below:
>
> DSO Exploit: Data source object exploit (Registry change, nothing done)
> HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings\Zones\0\1004=W=3
>
>
>
>
- Previous message: bferg@wi.rr.com: "Network Icons are gone"
- In reply to: Blue Event Horizon: "DSO Exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
