DSO

Short for Data Source Object, DSO is an Internet Explorer 4.0 and above ActiveX control that enables a web page to take information from an external XML page and display it on the current page.

A DSO exploit was discovered by GreyMagic Software on February 25, 2002, and is an exploit that dynamically inserts HTML without using any active scripting. This could allow a malicious user to execute a program from a browser window. 

• The official advisory can be found here.

Often such spyware programs as Spybot will list the DSO exploit if found in the registry. To resolve the DSO exploit follow the below steps. Note: The below steps require that you edit the registry; if you are not comfortable editing the registry, simply make sure Windows is up-to-date. Additional information about updating Windows can be found on document CH000545. 

1. Click Start and Run.

2. Type regedit and click ok.

3. In the registry editor open the below key:
   
   HKEY_CURRENT_USER\
   Software\
   Microsoft\
   Windows\
   CurrentVersion\
   Internet Settings\
   Zones\
   0\
   
   

4. In the above key there should be a value of "1004"; if this value is not present, click Edit, New, DWORD Value and create the "1004" DWORD value.

5. If "1004" is present, make sure the type is "REG_DWORD" and not "REG_SZ"; if it is "REG_SZ", delete the 1004 value and create a new 1004 as instructed in step number four.

6. Once the "1004" value has been created, double-click the value and enter "3" as the value name .

7. Once the above has been changed, exit out of the registry editor and reboot the computer.

Note: If you are attempting to fix this issue because it is showing up in Spybot, make sure first you have the latest version of Spybot as this is an issue with Spybot. Second, if the issue still occurs, view each registry key that the error is located in and perform the above steps 4-7 for each registry key Spybot is detecting the DSO exploit in. 

Also see: Security definitions