Caution: New Remote Code Execution Vulnerability in MS Internet Explorer
□ Overview
 o A vulnerability has been found in Microsoft Internet Explorer that allows remote code execution while the browser processes a maliciously crafted web page
 o The "mshtml.dll" module of Internet Explorer references an invalid object while processing the CSS "clip" attribute, which allows remote code execution [1][2]
   ※ Invalid object reference: an incorrect reference to an object that has been removed
 o If a user of an affected version of Internet Explorer visits a malicious website, a remote attacker can exploit this vulnerability to distribute malware
 o Malware is being distributed using this vulnerability, so particular caution is required
□ Related vulnerability:
 - Remote Code Execution Vulnerability in Internet Explorer - CVE-2010-3962 [2]
□ Affected systems
 o Affected versions [1]
   ․ Internet Explorer 6
     - Windows XP SP 3
     - Windows XP Professional x64 Edition SP 2
     - Windows Server 2003 SP 2
     - Windows Server 2003 x64 Edition SP 2
     - Windows Server 2003 with SP2 for Itanium-based Systems
   ․ Internet Explorer 7
     - Windows XP SP 3
     - Windows XP Professional x64 Edition SP 2
     - Windows Server 2003 SP 2
     - Windows Server 2003 x64 Edition SP 2
     - Windows Server 2003 with SP2 for Itanium-based Systems
     - Windows Vista SP 1 and SP 2
     - Windows Vista x64 Edition SP 1 and SP 2
     - Windows Server 2008 for 32-bit Systems and SP 2
     - Windows Server 2008 for x64-based Systems and SP 2
     - Windows Server 2008 for Itanium-based Systems and SP 2
   ․ Internet Explorer 8
     - Windows XP SP 3
     - Windows XP Professional x64 Edition SP 2
     - Windows Server 2003 SP 2
     - Windows Server 2003 x64 Edition SP 2
     - Windows Vista SP 1 and SP 2
     - Windows Vista x64 Edition SP 1 and SP 2
     - Windows Server 2008 for 32-bit Systems and SP 2
     - Windows Server 2008 for x64-based Systems and SP 2
     - Windows 7 for 32-bit Systems
     - Windows 7 for x64-based Systems
     - Windows Server 2008 R2 for x64-based Systems
     - Windows Server 2008 R2 for Itanium-based Systems
□ Temporary workarounds
 o No security update for this vulnerability has been released yet
 o Check the KrCERT/CC website and Windows security updates regularly, and apply the security update for this vulnerability promptly once it is released
 o Until the security update is released, apply the temporary workarounds provided on the MS website to prevent damage from the vulnerability
   ※ Related MS page: http://support.microsoft.com/kb/2458511/en
 o Among the temporary workarounds, to keep the browser from processing the vulnerable CSS, click "Microsoft Fix it 50556" in the "Fix it for me" section of the MS page, then download and install the file
   ※ To restore the original state, apply "Microsoft Fix it 50557"
 o Among the temporary workarounds, to enable DEP in IE 7, click "Microsoft Fix it 50285" in the "Fix it for me" section of the MS page, then download and install the file
   ※ To restore the original state, apply "Microsoft Fix it 50286"
 o To reduce damage from the vulnerability, users should observe the following:
   - Disable features such as file sharing if they are not in use, and always use a personal firewall
   - Keep the antivirus program in use up to date and enable its real-time monitoring feature
   - Do not visit untrusted websites
   - Do not click links or open attachments in e-mail from unclear sources
□ Glossary
 o CSS: CSS (Cascading Style Sheet) is a language that describes the styles of a web page, such as margins and the size and color of text
 o Mshtml.dll: the core module of Internet Explorer, which processes HTML, CSS and so on
 o DEP (Data Execution Prevention): a security feature that prevents code from being executed in the non-executable memory regions of a program, protecting against damage from malware and other security risks
[Reference sites]
[1] http://www.vupen.com/english/advisories/2010/2880
[2] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3962
[3] http://www.microsoft.com/technet/security/advisory/2458511.mspx
[4] http://blogs.technet.com/b/srd/archive/2010/11/03/dep-emet-protect-against-attacks-on-the-latest-internet-explorer-vulnerability.aspx