The short answer: it's a bug in Internet Explorer that could, under certain
circumstances, allow untrusted software to run - in other words, a
vulnerability. The good news is that it's been fixed.
The confusion arises from the fact that at least on popular Spyware
detection program reports the problem, but fails to apply its work around,
and hence continually reports the problem. Even though it might not be a
problem any more.
First, let's be clear. The vulnerability in Internet Explorer has been
corrected. If you've patched IE and are staying up to date with current
patches from Microsoft, you're safe, even if a DSO exploit is reported.
The confusion arises from a bug in Spybot Search and Destroy that continues
to report the DSO Exploit problem, anyway. There are ways to force the
report to go away, but it's more trouble than it's worth.
The bottom line: If you're fully up-to-date on Internet Explorer patches,
you can safely ignore Spybot's report of a DSO Exploit. And update Spybot
from time to time as well ... they do plan to fix the reporting problem.