¡à °³¿ä
o MS Internet Explorer¿¡¼ ·ÎÄà ½Ã½ºÅÛ ÆÄÀÏÀÌ ¿ø°ÝÀÇ °ø°ÝÀÚ¿¡ ÀÇÇØ À¯ÃâµÉ ¼ö ÀÖ´Â Á¤º¸À¯Ãâ
Ãë¾àÁ¡ÀÌ °ø°³µÊ [1, 2, 3]
- °ø°ÝÀÚ´Â ½ºÆÔ ¸ÞÀÏÀ̳ª ¸Þ½ÅÀúÀÇ ¸µÅ©¸¦ ÅëÇØ Æ¯¼öÇÏ°Ô Á¶ÀÛµÈ ÄÜÅÙÆ®·Î ±¸¼ºµÈ ¾ÇÀÇÀûÀÎ
À¥ »çÀÌÆ®¿¡ ¹æ¹®Çϵµ·Ï »ç¿ëÀÚ¸¦ À¯µµÇÏ¿©, ÇØ´ç »ç¿ëÀÚ ½Ã½ºÅÛÀÇ ·ÎÄà ÆÄÀÏÀÇ ³»¿ëÀ» À¯ÃâÇÒ
¼ö ÀÖÀ½
o ¸ðµç ¹öÀüÀÇ Internet ExplorerÀ» ´ë»óÀ¸·Î °ø°ÝÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ °ø°³µÇ¾úÀ¸¹Ç·Î ÀÎÅͳÝ
»ç¿ëÀÚÀÇ ÁÖÀÇ°¡ ¿ä±¸µÊ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î [1]
- Internet Explorer 5.01 SP4 for Microsoft Windows 2000 SP4
- Internet Explorer 6 SP1 on Microsoft Windows 2000 SP4
- Internet Explorer 6 for Windows XP SP2, SP3,
- Internet Explorer 6 for Windows XP Professional x64 Edition SP2
- Internet Explorer 6 for Windows Server 2003 SP2
- Internet Explorer 6 for Windows Server 2003 with SP2 for Itanium-based Systems
- Internet Explorer 6 for Windows Server 2003 x64 Edition SP2
- Internet Explorer 7 for Windows XP SP2, SP3,
- Internet Explorer 7 for Windows XP Professional x64 Edition SP2
- Internet Explorer 7 for Windows Server 2003 SP2
- Internet Explorer 7 for Windows Server 2003 with SP2 for Itanium-based Systems
- Internet Explorer 7 for Windows Server 2003 x64 Edition SP2
- Internet Explorer 7 in Windows Vista, SP1, SP2
- Internet Explorer 7 in Windows Vista x64 Edition, SP1, SP2
- Internet Explorer 7 in Windows Server 2008 for 32-bit Systems, SP2
- Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems, SP2
- Internet Explorer 7 in Windows Server 2008 for x64-based Systems, SP2
- Internet Explorer 8 for Windows XP SP2, SP3
- Internet Explorer 8 for Windows XP Professional x64 Edition SP2
- Internet Explorer 8 for Windows Server 2003 SP2
- Internet Explorer 8 for Windows Server 2003 x64 Edition SP2
- Internet Explorer 8 in Windows Vista, SP1, SP2,
- Internet Explorer 8 in Windows Vista x64 Edition, SP1, SP2
- Internet Explorer 8 in Windows Server 2008 for 32-bit Systems, SP2
- Internet Explorer 8 in Windows Server 2008 for x64-based Systems, SP2
- Internet Explorer 8 in Windows 7 for 32-bit Systems
- Internet Explorer 8 in Windows 7 for x64-based Systems
- Internet Explorer 8 in Windows Server 2008 R2 for x64-based Systems
- Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Systems
¡à Àӽà ÇØ°á ¹æ¾È
o ÇöÀç ÇØ´ç Ãë¾àÁ¡¿¡ ´ëÇÑ º¸¾È¾÷µ¥ÀÌÆ®´Â ¹ßÇ¥µÇÁö ¾Ê¾ÒÀ½
o Windows Vista ÀÌÈÄÀÇ ¿î¿µÃ¼Á¦¿¡¼ º¸È£¸ðµå·Î ¼³Á¤µÈ Internet Explorer¸¦ »ç¿ëÇÏ´Â °æ¿ì
Ãë¾àÁ¡ÀÇ ¿µÇâ·ÂÀ» ³·Ãâ ¼ö ÀÖÀ½
¡Ø º¸È£¸ðµå(Protected Mode) : Windows Vista¿¡¼ ¸Å¿ì Á¦ÇÑµÈ ±ÇÇÑÀ¸·Î Internet Explorer
ÇÁ·Î¼¼½º°¡ ½ÇÇàµÇµµ·Ï ÇÏ¿© »ç¿ëÀÚ ÇÁ·ÎÇÊÀ̳ª ½Ã½ºÅÛ À§Ä¡¿¡ ÀÖ´Â ÆÄÀÏ, ·¹Áö½ºÆ®¸® Å°¿¡ ´ëÇÑ
¾²±â ¾×¼¼½º ±ÇÇÑÀ» Á¦ÇÑÇÔ
o ³×Æ®¿öÅ© ÇÁ·ÎÅäÄÝ Àá±Ý(Network Protocol Lockdown) ¼³Á¤
- Microsoft ±â¼úÀÚ·á¹®¼[4]¿¡ ¡°ÀÚµ¿ Çذᡱ ¼½¼ÇÀÇ ¡°³×Æ®¿öÅ© ÇÁ·ÎÅåÄÝ Àá±Ý »ç¿ë¡± ¾Æ·¡ ¸µÅ©¸¦
Ŭ¸¯ÇÏ¿© ÆÄÀÏ ´Ù¿î·Îµå ÈÄ ¼³Ä¡ (Microsoft Fix it 50365)
- ³×Æ®¿öÅ© ÇÁ·ÎÅäÄÝ Àá±Ý ¼³Á¤À» Àû¿ëÇÒ °æ¿ì file:// ÇÁ·ÎÅäÄÝÀ» »ç¿ëÇÏ´Â ½ºÅ©¸³Æ®³ª ActiveX
ÄÁÆ®·ÑÀÌ ¡°ÀÎÅÍ³Ý ¿µ¿ª¡±¿¡¼ ½ÇÇàµÇÁö ¾Êµµ·Ï Á¦ÇÑÇÔ
¡Ø ÇØ´ç ¼³Á¤À» Àû¿ëÇÒ °æ¿ì IE ±â¹Ý ÀϺΠ±×·ì¿þ¾îÀÇ ±â´É»ó Àå¾Ö°¡ ¹ß»ýÇÒ ¼ö ÀÖÀ½
¡Ø ¿ø»óÅ·Πº¹±¸Çϱâ À§Çؼ´Â ¡°³×Æ®¿öÅ© ÇÁ·ÎÅäÄÝ Àá±Ý ÇØÁ¦¡±¸¦ Àû¿ë (Microsoft Fix it 50366)
o MS º¸¾È¾÷µ¥ÀÌÆ® »çÀÌÆ®[5]¸¦ ÁÖ±âÀûÀ¸·Î È®ÀÎÇÏ¿© ÇØ´ç Ãë¾àÁ¡¿¡ ´ëÇÑ
º¸¾È¾÷µ¥ÀÌÆ® ¹ßÇ¥ ½Ã ½Å¼ÓÈ÷ ÃֽŠ¾÷µ¥ÀÌÆ®¸¦ Àû¿ëÇϰųª ÀÚµ¿¾÷µ¥ÀÌÆ®¸¦ ¼³Á¤
¡Ø ÀÚµ¿¾÷µ¥ÀÌÆ® ¼³Á¤ ¹æ¹ý: ½ÃÀÛ¡æÁ¦¾îÆǡ溸¾È¼¾ÅÍ¡æÀÚµ¿¾÷µ¥ÀÌÆ®¡æÀÚµ¿(±ÇÀå) ¼±ÅÃ
o Ãë¾àÁ¡¿¡ ÀÇÇÑ ÇÇÇظ¦ ÁÙÀ̱â À§ÇÏ¿© »ç¿ëÀÚ´Â ´ÙÀ½°ú °°Àº »çÇ×À» ÁؼöÇؾßÇÔ
- ÆÄÀÏ°øÀ¯ ±â´É µîÀ» »ç¿ëÇÏÁö ¾ÊÀ¸¸é ºñÈ°¼ºÈÇÏ°í °³ÀιæȺ®À» ¹Ýµå½Ã »ç¿ë
- »ç¿ëÇÏ°í ÀÖ´Â ¹é½ÅÇÁ·Î±×·¥ÀÇ ÃֽŠ¾÷µ¥ÀÌÆ®¸¦ À¯ÁöÇÏ°í, ½Ç½Ã°£ °¨½Ã±â´ÉÀ» È°¼ºÈ
- ½Å·ÚµÇÁö ¾Ê´Â À¥ »çÀÌÆ®ÀÇ ¹æ¹® ÀÚÁ¦
- Ãâó°¡ ºÒºÐ¸íÇÑ À̸ÞÀÏÀÇ ¸µÅ© Ŭ¸¯Çϰųª ÷ºÎÆÄÀÏ ¿¾îº¸±â ÀÚÁ¦
[Âü°í»çÀÌÆ®]
[1] http://www.microsoft.com/technet/security/advisory/980088.mspx
[2] http://www.coresecurity.com/content/internet-explorer-dynamic-object-tag#
[3] http://www.coresecurity.com/content/Black-Hat-DC-2010
[4] http://support.microsoft.com/kb/980088
[5] http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=ko
|
|
|
