security issue

I ran spybot and have had response of 'DSO Exploit.....5 entries' which it
interpretes as a 'securty hole in Internet Explorer enabling websites to
execute code without asking you'.

Is this a real issue, and if so, can it be remedied please?

From: "doots" <>

| I ran spybot and have had response of 'DSO Exploit.....5 entries' which it
| interpretes as a 'securty hole in Internet Explorer enabling websites to
| execute code without asking you'.
|
| Is this a real issue, and if so, can it be remedied please?

The DSO Exploit is a false Positive declaration in older versions of SpyBot S&D.
You should be using SpyBot S&D v1.3.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Thanks to those who replied,especially dak. very helpful
doots

"dak" wrote:

> On Mon, 23 May 2005 17:51:11 -0700, "doots"
> <> wrote:
>
> >I ran spybot and have had response of 'DSO Exploit.....5 entries' which it
> >interpretes as a 'securty hole in Internet Explorer enabling websites to
> >execute code without asking you'.
> >
> >Is this a real issue, and if so, can it be remedied please?
>
> The DSO EXPLOIT problem has been sorted out, with several different
> ways to deal with it. What has not happened is the correction being
> made available in/as a public release. It has been included in BETA
> releases. That said, here is my standard blurb on the DSO EXPLOIT,
> you should be able to find a method that will work for you from these:
>
> You can deal with the false flags several ways - ignore them, set
> Spybot S&D to ignore them, or correct them (either with the fixed
> Spybot S&D version or manually):
>
> -IGNORE THEM:
> The DSO EXPLOITS are incorrectly "fixed" by Spybot S&D so they show
> up again on the next scan. If you are up to date on your Microsoft
> updates and patches then you don't have to worry about the DSO
> EXPLOITS, as that particular "weakness" has been corrected.
>
> -SET SPYBOT S&D TO IGNORE THEM:
> To stop the DSO EXPLOITS false flags you can set Spybot S&D to ignore
> them:
> -Open Spybot S&D, click on SETTINGS.
> -Click on IGNORE PRODUCTS
> -Click on SECURITY
> -Check the DSP EXPLOIT box
>
> -CORRECT THEM (WITH FIXED SPYBOT S&D):
> You can download and install "Spybot S&D 1.3.1 TX" which corrects the
> DSO EXPLOIT problem in Spybot S&D. This will replace the executable
> ONLY, so you must already have either "Spybot S&D 1.3" or "Spybot S&D
> 1.3.1" installed. You can download "Spybot S&D 1.3.1 TX" from:
>
> <http://www.majorgeeks.com/download4392.html>
>
> -CORRECT THEM (BY MANUALLY EDITING THE REGISTRY):
> You can fix them manually by running regedit and editing the specific
> keys to a DWORD value of 3.
> Go to each specific key Spybot flagged and right-click on the bad
> 1004 key (will show a REG_SZ instead of a REG_DWORD for data type) in
> the right panel and select Delete.
> Then in a blank section in that same right panel in regedit, do a
> right-click and add a "New" > "DWORD" value.
> Name the new DWORD value 1004 (like the one you just deleted).
> When it is created, double-click on it and enter a value of 3.
>
> If you have multiple versions of this under different users on your
> system, you'll need do the same thing for each of them.
> After manually repairing the keys run Spybot again to see if you
> missed any keys. Don't let Spybot try to fix any of the keys, just
> use it to find the specific problem locations.
>
> -EXPLANATION:
> Basically, Spybot is finding that the security setting for "Download
> unsigned ActiveX controls" for the (normally) hidden "My Computer"
> zone in Internet Explorer is not set to disabled, and a minor bug is
> preventing Spybot from repairing it properly so it is again detected
> on the next scan.
> You are probably seeing several keys similar to this one:
>
> DSO Exploit: Data source object exploit (Registry change, nothing
> done)
>
> HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Internet
> Settings\Zones\0\1004!=W=3
>
> The "\0\" points to the My Computer Zone. The key "1004" holds the
> value for the specific setting "Download unsigned ActiveX controls".
> The "!=" means "not equal". "W=3" (word value of 3) specifically
> means "disabled". Read "1004!=W=3" as "The key 1004 does not contain
> a word value of 3." Meaning Spybot is finding that this setting is
> not disabled for various users defined on the system and is flagging
> it.
> When it attempts to fix that value (setting it to 3) it isn't setting
> the proper type of data element - a DWORD value. So, that registry
> item ends up with no value at all after the fix is performed, and each
> time you scan again Spybot will find the value in those keys is still
> not equal to 3.
>
> -ADDENDUM:
> Any Spybot S&D with a detection rules update of February 16, 2005, or
> later, should no longer flag the DSO EXPLOIT, as it is being ignored
> temporarily.
> The DSO EXPLOIT problem can *NOT* be fixed with a detection rules
> update, the Spybot S&D (1.3) main application executable has to be
> replaced (with 1.3.1 TX) in order to correct the bug.
>
> --
> dak
> My SpywareBlaster Custom Blocking List:
> <http://customblockinglist.cjb.net/>
>