Re: Spybot DSO Exploit


From: Bruce Chambers (bruce_a_chambers_at_h0tmail.com)
Date: 09/10/04


Date: Thu, 9 Sep 2004 19:40:31 -0600

FM wrote:
> The problem can be fixed easily if you do it right. It seems no one
> has properly advised us beginners on how to correct the problem. In
> my case I had five different "0\1004" zones that needed to be
> changed. I found the solution by chance. I changed all of them the
> same way. I will just illustrate one.
>
> SpyBot's DSO Exploit:
> HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings\Zones\0\1004!=W=3
>
> What the program is saying is that the "W" has to be changed to 3.
> The "W" in this case is the "Dword".
>
> 1. If you follow the above path in the registry to the 0 zone folder
> you will see in the right hand window the number 1004 in the name
> column.
> 2. In the next column, the Data column, you will find a blank. This
> blank has to be changed to "x00000003(3)"
> 3. To do this you have to right click on the data column. A "NEW"
> will appear. Click on it. From popup screen select "DWORD Value".
> 4. This will put a "NEW Value #1" at the bottom of the window. Left
> click on the small icon on the left of the "New Value #1" file.
> 5. An "Edit DWORD Value" screen will appear.
> 6. In the "Value Data" window insert the number 3. (make sure the
> Base Hexadecimal is checked) then click ok.
> 7. Then go back and delete the original 1004 file.
> 8. Rename the "NEW Value #1" number "1004".
>
> Once you've done all the registry entries showing in SPYBot's DSO
> Exploit...the problem will be solved.
>
> FM

    That's a lot of work, just to prevent a false positive that can
easily be turned off from within SpyBot S&D.

    The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, or IE Service Pack 1, you're
safe. It would appear that the latest version of Spybot S&D is only
checking for Internet zone settings in the registry that could be used
as work-around protection, and not for the presence of any corrective
patches. Hopefully, the makers of Spybot will soon fix this bug.

 MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182

    If you like, you can test your system for this particular
vulnerability at this web site:
http://www.grey.com/security/advisories/gm001-ie/

    The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs

    In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit, to turn off the false alarm.

-- 
Bruce Chambers
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH
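
A read-only way to inspect the registry setting discussed in this thread, as an added example that is not part of the original posts: this PowerShell lists the type and data of value 1004 under Zones\0 for every hive loaded under HKEY_USERS. The expected data of 3 is taken from the SpyBot finding quoted above; a match or mismatch here says nothing about whether MS02-015 or a later IE cumulative update is installed.

```powershell
# Read-only audit of the zone setting named in the SpyBot finding.
# Nothing is written; run elevated to see service hives such as S-1-5-19.
$subPath   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0'
$valueName = '1004'
$expected  = 3   # data the finding asks for, per the quoted post

function New-Row($hive, $state, $kind, $data) {
    [pscustomobject]@{ Hive = $hive; State = $state; Kind = $kind; Data = $data }
}

$hku = [Microsoft.Win32.Registry]::Users
foreach ($sid in $hku.GetSubKeyNames()) {
    # Per-user class hives (SID_Classes) carry no Internet Settings key.
    if ($sid -like '*_Classes') { continue }

    $key = $null
    try {
        # OpenSubKey(string) opens the key read-only.
        $key = $hku.OpenSubKey("$sid\$subPath")
        if ($null -eq $key) {
            New-Row $sid 'zone key absent' $null $null
            continue
        }
        if ($key.GetValueNames() -notcontains $valueName) {
            New-Row $sid 'value absent' $null $null
            continue
        }

        $kind = $key.GetValueKind($valueName)
        $data = $key.GetValue($valueName)

        # A value with the right name but the wrong type shows up here
        # as 'not a DWORD' rather than as a data mismatch.
        if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            New-Row $sid 'not a DWORD' $kind $data
        } elseif ($data -ne $expected) {
            New-Row $sid 'differs from expected' $kind $data
        } else {
            New-Row $sid 'matches expected' $kind $data
        }
    } catch [System.Security.SecurityException] {
        New-Row $sid 'access denied' $null $null
    } finally {
        if ($null -ne $key) { $key.Close() }
    }
}
```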

