Spybot's DSO Exploit in IE: Is it Fixed by SP1?

E

Eli

Hi there:

A Spybot S&D Scan of my PC finds the following security vulnerability in
its scan:

<<<<
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3


Spybot [versions 1.2 and 1.3] offers to correct this by altering the
Registry Key as noted above.


Spybot's report of this security exploit leads me to:

http://www.greymagic.com/security/advisories/gm001-ie/

which is dated February 2002

An index of Grey Magic's Security Advisories:
http://www.greymagic.com/security/advisories/
leads to:

· GM#001-IE: Executing arbitrary commands without Active Scripting or
ActiveX.
Topic: A vulnerability in <object> elements can be exploited with data
binding.
Date: 27-Feb-2002.
Status: Patched by MS02-015

which suggests that the vulnerability had already been patched by MS in
2002.


MS article about patch for this issue Dated Mrach 28, 2002

http://www.microsoft.com/technet/security/bulletin/MS02-015.mspx

This in turn refers to a March 2002 cumulative security update Q319182 for
IE:
http://www.microsoft.com/windows/ie/downloads/critical/Q319182/default.asp

My question here is :


Am I correct in my surmising this security flaw has already been fixed by
the cumulative patches subsequent to Q319182.

I am assuming that Q319182. has been
superseded by later security patches for Internet Explorer, such as SP 1 or
later patches to IE.

If this is so, perhaps it might not be advisable to allow Spybot to alter
the Registry to correct a vulnerability which is no longer pertinent.

If there is something here I'm missing, please let me know.

Thank you

-Eli
 
E

Eli

My apologies for repeating the post

-eli
| Hi there:
|
| A Spybot S&D Scan of my PC finds the following security vulnerability
in
| its scan:
|
| <<<<
| DSO Exploit: Data source object exploit (Registry change, nothing done)
| HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
| Settings\Zones\0\1004!=W=3
|
| >>>>
|
|
| Spybot [versions 1.2 and 1.3] offers to correct this by altering the
| Registry Key as noted above.
|
|
| Spybot's report of this security exploit leads me to:
|
| http://www.greymagic.com/security/advisories/gm001-ie/
|
| which is dated February 2002
|
| An index of Grey Magic's Security Advisories:
| http://www.greymagic.com/security/advisories/
| leads to:
|
| · GM#001-IE: Executing arbitrary commands without Active Scripting or
| ActiveX.
| Topic: A vulnerability in <object> elements can be exploited with data
| binding.
| Date: 27-Feb-2002.
| Status: Patched by MS02-015
|
| which suggests that the vulnerability had already been patched by MS in
| 2002.
|
|
| MS article about patch for this issue Dated Mrach 28, 2002
|
| http://www.microsoft.com/technet/security/bulletin/MS02-015.mspx
|
| This in turn refers to a March 2002 cumulative security update Q319182
for
| IE:
| http://www.microsoft.com/windows/ie/downloads/critical/Q319182/default.asp
|
| My question here is :
|
|
| Am I correct in my surmising this security flaw has already been fixed by
| the cumulative patches subsequent to Q319182.
|
| I am assuming that Q319182. has been
| superseded by later security patches for Internet Explorer, such as SP 1
or
| later patches to IE.
|
| If this is so, perhaps it might not be advisable to allow Spybot to alter
| the Registry to correct a vulnerability which is no longer pertinent.
|
| If there is something here I'm missing, please let me know.
|
| Thank you
|
| -Eli
|
|
|
|
 
M

MowGreen [MVP]

Eli,

Any half-effective Antivirus software wouldn't let the html/script
run. Not to worry. I tried to email the html code and almost every
ISP's virus scanners stripped the code from it.
Am not totally positive that the vulnerability has been patched,
though. Go ahead and let Spybot make the registry change. If you
have XP, it will also create a Restore Point, just in case .

MowGreen [MVP]
*-343-* Never Forgotten
Hi there:

A Spybot S&D Scan of my PC finds the following security vulnerability in
its scan:

<<<<
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3


Spybot [versions 1.2 and 1.3] offers to correct this by altering the
Registry Key as noted above.


Spybot's report of this security exploit leads me to:

http://www.greymagic.com/security/advisories/gm001-ie/

which is dated February 2002

An index of Grey Magic's Security Advisories:
http://www.greymagic.com/security/advisories/
leads to:

· GM#001-IE: Executing arbitrary commands without Active Scripting or
ActiveX.
Topic: A vulnerability in <object> elements can be exploited with data
binding.
Date: 27-Feb-2002.
Status: Patched by MS02-015

which suggests that the vulnerability had already been patched by MS in
2002.


MS article about patch for this issue Dated Mrach 28, 2002

http://www.microsoft.com/technet/security/bulletin/MS02-015.mspx

This in turn refers to a March 2002 cumulative security update Q319182 for
IE:
http://www.microsoft.com/windows/ie/downloads/critical/Q319182/default.asp

My question here is :


Am I correct in my surmising this security flaw has already been fixed by
the cumulative patches subsequent to Q319182.

I am assuming that Q319182. has been
superseded by later security patches for Internet Explorer, such as SP 1 or
later patches to IE.

If this is so, perhaps it might not be advisable to allow Spybot to alter
the Registry to correct a vulnerability which is no longer pertinent.

If there is something here I'm missing, please let me know.

Thank you

-Eli
Click to expand...
 
T

TTAylor

I have win2000 and I just can not get rid of this

Data Source object Exploit

HKEY_Users\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

I also have the same problem. If you could let me know if there is a
way to remove this?

Spybot is finding, I delete it but it soon reapears:

HKEY_Users\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

Like wise Ad-aware Keeps finding:

Tracking Cookie - Catagory - data miner

What do these do, I am now full patched but I can not remove them from
my system.

I am using Win2000 and i do no tknow how to create a restore point.
 
M

MowGreen [MVP]

TTaylor,

As I stated in my post, the DSO Exploit is mitigated by having a
competent and up to date antivirus program installed on your system.
You could manually edit the Registry or let Spybot do it. That's
what it is doing, it is not removing anything from the sytem.

Data Miner cookies are being reinstalled when you visit certain
websites. Either block the cookies via Internet Options, Privacy,
and then add the sites to block by click the Sites button or click
the Advanced tab and pick the settings you want to block all cookies.
These cookies can track where you go on the internet and report back
to the site that placed them. Either empty all cookies before going
to another site or just delete them all after using IE.
They are not a security concern but a privacy issue.


MowGreen [MVP]
*-343-* Never Forgotten
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

DSO Exploit 3
DSO Exploit-Allow Spybot to Alter Registry Key in Re to IE? 3
DSO Exploit - Data Miner 1
DSO Exploit glitch in Spybot? 8
DOS Exploit Executing programs 3
Learning the Registry 3
Hole in Registery Keys on Office and Windows 2000 4

Top