Thanks for all the information. I also found a post in grc.spyware on the
same issue.
In grc.spyware, Sir_George said...
Joe,
Search this newsgroup for posts dated 4/13/2003 with the title "DSO Exploit"
for a good review of the "DSO Exploit" and it's meaning.
Or these links in that thread ...
https://grc.com/x/news.exe?cmd=article&group=grc.spyware&item=17250
https://grc.com/x/news.exe?cmd=article&group=grc.spyware&item=17707
--
Milly
After all that reading, I "think" I've got it straight. I put the DSO
Exploit in the "Excludes". Thanks again for the input. charlie R
Spybot had found the bug and the workaround in this site >>>
http://security.greymagic.com/adv/gm001-ie/
Below the actual status of the vulnerability : solved by the Patch MS02-015
..
http://security.greymagic.com/adv/
ActiveX.
Topic: A vulnerability inelements can be exploited with data binding.
Date: 27-Feb-2002.
Status: Patched by MS02-015
This study has two tests on this vulnerability and if you have this OLD
patch you 'll
see that Spybot " DSO Exploit " is useless.
"siljaline" <
[email protected]> ha scritto nel messaggio
charlie R said:
Hello all......I'm running Win98, IE6SP1, OE6. I downloaded and ran Spybot
S and D today, and ran a scan. It found one item.....a DSO Browser Exploit
in Internet Explorer. I've kept my system updated and patched and current
according to Windows Update as of a few days ago. Could I have missed one,
or could this be a "false positive"? Or, is there one that hasn't been
patched? Thanks for any input. charlie R
I believe you should let SpyBot remove the exploit.
Thread here may clarify:
http://snurl.com/27ge
HTH
--
siljaline
"Arguing with anonymous strangers on the Internet is a sucker's game
because they almost always turn out to be -- or to be indistinguishable from
-- self-righteous sixteen-year-olds possessing infinite amounts of free
time."
- Neil Stephenson, _Cryptonomicon_
