Dso Exploit - Security Hole

[musicmaster]

I have done a Spybot scan... and it returned an entry called DSO Exploit. It looks like 1 entry, although it is a root file with a tree, that branches down into five entries. Anyway, I select to fix the problem, and Spybot says it has fixed it... although the entry is still there. It gives information on the right side of the screen which says this:

-----------------------------------------------------------------------------------------------

Company: Microsoft
Product: Internet Explorer
Threat: Security hole

Company URL:
http://www.microsoft.com/
Company product URL:
http://www.microsoft.com/windows/ie/
Company privacy URL:
http://www.microsoft.com/info/privacy.htm

Description
There's a security hole in IE allowing websites to execute code without asking you first. You can find more information at http://security.greymagic.com/adv/gm001-ie/

-----------------------------------------------------------------------------------------------

Anyway, I go the greymagic website it suggests to find out more info. and what I can do, although it doesnt give any instructions on how to repair this. Any help from anyone would be greatly appreciated.

Thanks.

[dopey]

Since the injected <object> runs in the "My Computer" Zone changing the Internet Zone&#39;s settings didn&#39;t affect it, but changing the correct zone&#39;s settings will prevent this exploit from running.

Here is the registry information:

[HKEY_CURRENT_USER&#092;Software&#092;Microsoft&#092;Windows&#092;CurrentVersion&#092;Internet Settings&#092;Zones&#092;0]
Change the value of "1004" (DWORD) to 3.

Many thanks to Axel Pettinger and Garland Hopkins for this workaround.

from the site you mentioned.

just be sure to backup the key in question before trying.

and how do you know the dso exploit is still there? sometimes spybot needs a reboot to fix the item in question.

[supersonic]

To repair this, Disable scripts; not recommended since alot fo sites use Java and other scripts.

[musicmaster]

Originally posted by dopey@16 June 2004 - 12:22

Since the injected <object> runs in the "My Computer" Zone changing the Internet Zone&#39;s settings didn&#39;t affect it, but changing the correct zone&#39;s settings will prevent this exploit from running.

Here is the registry information:

[HKEY_CURRENT_USER&#092;Software&#092;Microsoft&#092;Windows&#092;CurrentVersion&#092;Internet Settings&#092;Zones&#092;0]
Change the value of "1004" (DWORD) to 3.

Many thanks to Axel Pettinger and Garland Hopkins for this workaround.

from the site you mentioned.

just be sure to backup the key in question before trying.

and how do you know the dso exploit is still there? sometimes spybot needs a reboot to fix the item in question.

supersonic Posted: 16 June 2004 - 18:41

To repair this, Disable scripts; not recommended since alot fo sites use Java and other scripts.


-----------------------------------------------------------------------------------------------



supersonics idea seems completely pointless to me as the first sentence says do this.... and the second says... its not a good idea.

Thanks for advice buddy.

Hey Dopey... if you can show me exactly how to do what you suggest, that would be great, because I have no clue on this.

Cheers

[supersonic]

To disable scripts:
IE:
Internet options>security>&#39;chose a security zone&#39; then go go "custome level" and disable scripting.
As I said, you CAN do it, but I DON&#39;T think you SHOULD do it.
Solution:
Get Firefox instead of IE, it might solve ur problem.

[musicmaster]

Yes supersonic... I understand you said CAN... and I say... why would you suggest to do something... then say " I dont recommend it" Kinda pointless eh?

Also, I dont plan on getting rid of IE. I wish would stop suggesting another browser. IE is fine... just like it was when I had another issue. It wasnt the damn browser it was the firewall. So no changing of the browswer for me.

And I still need info on how to fix the orginal problem. I don&#39;t want suggestions on what I &#39;CAN&#39; do, but not recommened. That is why I was asking Dopey... because he solved a problem for me before, without giving me "I wouldnt recommend doing this" lingo.

[Jg427]

It sounds like the spybot bug that&#39;s causing it to return.

Manually changing the registry key value should fix it, as posted earlier.

[manker]

Originally posted by musicmaster@18 June 2004 - 21:07
Yes supersonic... I understand you said CAN... and I say... why would you suggest to do something... then say " I dont recommend it" Kinda pointless eh?

Also, I dont plan on getting rid of IE. I wish would stop suggesting another browser. IE is fine... just like it was when I had another issue. It wasnt the damn browser it was the firewall. So no changing of the browswer for me.

And I still need info on how to fix the orginal problem. I don&#39;t want suggestions on what I &#39;CAN&#39; do, but not recommened. That is why I was asking Dopey... because he solved a problem for me before, without giving me "I wouldnt recommend doing this" lingo.

you have such a bad attitude when asking for advice. if you don&#39;t like the advice given then don&#39;t follow it, no need to bitch and whine. what is wrong with saying "thanks but I don&#39;t wish to change my browser, does anyone know of a different fix?"

no-one is getting paid to put up with your crap.

[dopey]

from Jg427&#39;s link


The second choice would be to use a REG file to fix it. Open notepad and paste the contents of this block into is:

Code:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1004"=dword:00000003

Save that to some place on your disk as something like: FIXDSO.REG
save as all files

Then you can simply double click that file and merge the change (fix) into your registry. This will fix the one for the "current user" you are logged into your system as. There is less chance of making an error this way. Note that it is always recommended to backup your registry before making changes to it. (If you are unsure about doing that, then I refer you back to my main recommendation above and wait for Spybot to fix it.)

to backup your registry, you can simply create a restore point.

Code:

http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx

the gist of all the previous posts there recommended that you can make use of all the critical windows updates, and you should be protected, and/or wait for spybot to update to correct the problem.

[zapjb]

I use dsostop2.exe it&#39;s freeware.