
Title: MS video streaming ActiveX control vulnerability advisory
Date: 2009-07-08 11:23:13
□ Overview
  o A remote code execution vulnerability exists in the Microsoft Windows ActiveX control for
     video streaming [1,2]
  o Attacks exploiting this vulnerability are currently increasing sharply, so users should refrain
     from visiting untrusted sites and configure the ActiveX control so that it cannot be used

□ Description
  o Buffer overflow vulnerability in the Microsoft Windows ActiveX control for video streaming
     (msvidctl.dll)
  o Microsoft has published a Security Advisory for this vulnerability [1]
  o By luring a user to a malicious web site, an attacker can run code planted on that site and
     achieve remote code execution with the privileges of the logged-in user
     ※ The buffer overflow is triggered through the MPEG2TuneRequest ActiveX control, which is used
         to provide TV tuner support
     ※ Related CLSID : 0955AC62-BF2E-4CBA-A2B9-A63F772D46CF and 44 others [1]
     ※ Related CVE : CVE-2008-0015 [5]

□ Affected systems
  o Affected software
     - Windows XP Service Pack 2 and Windows XP Service Pack 3
     - Windows XP Professional x64 Edition Service Pack 2
     - Windows Server 2003 x64 Edition Service Pack 2
     - Windows Server 2003 with SP2 for Itanium-based Systems
  o Software not affected
     - Microsoft Windows 2000 Service Pack 4
     - Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
     - Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista
        x64 Edition Service Pack 2
     - Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems
        Service Pack 2
     - Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based
        Systems Service Pack 2
     - Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-
        based Systems Service Pack 2

□ Resolution
  o No security update for this vulnerability has been released yet
  o Apply the temporary workaround [3]
     - In the Microsoft Knowledge Base article [3], click the link under "Enable workaround" in
       the "Fix it for me" section, then download and install the file
      ※ To restore the original state, apply "Disable workaround"
  o Check the KrCERT/CC and Microsoft security update sites [4] regularly, and when a security
    update for this vulnerability is released, apply it promptly or enable automatic updates
    ※ To enable automatic updates: Start → Control Panel → Security Center → Automatic Updates → select Automatic (recommended)
  o To reduce the impact of this vulnerability, users should observe the following
     - Refrain from visiting untrusted web sites
     - Do not follow links of unknown origin
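
To confirm that the temporary workaround [3] is in effect on a host, the following added example (not part of this advisory or of Microsoft's package) reports whether the Internet Explorer kill bit is set for the CLSID named above. It assumes the workaround blocks the control through the kill bit (bit 0x400 of "Compatibility Flags" under the ActiveX Compatibility key) and PowerShell 3.0 or later; the function name Get-KillBitStatus is hypothetical, and the other 44 CLSIDs must be taken from [1].

```powershell
# Added example: audit the IE kill bit for the control named in this advisory.
$Clsids = @(
    '{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}'  # the one CLSID given on this page
    # Append the other 44 CLSIDs from Microsoft advisory [1]; they are not listed here.
)
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # Registry view used by 32-bit Internet Explorer on the affected x64 editions
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)
$KillBit = 0x400   # assumption stated in the lead-in: standard IE kill-bit flag

function Get-KillBitStatus {
    param(
        [Parameter(Mandatory = $true)][string[]]$Clsid,
        [Parameter(Mandatory = $true)][string[]]$Root
    )
    foreach ($r in $Root) {
        # Skip a registry view that does not exist (no Wow6432Node on 32-bit Windows).
        if (-not (Test-Path -LiteralPath (Split-Path -Path $r -Parent))) { continue }
        foreach ($c in $Clsid) {
            $key   = Join-Path -Path $r -ChildPath $c
            $flags = $null
            if (Test-Path -LiteralPath $key) {
                $prop = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
                if ($prop -and ($prop.PSObject.Properties.Name -contains 'Compatibility Flags')) {
                    $flags = [long]$prop.'Compatibility Flags'
                }
            }
            # A missing key or value means the control is not blocked in this view.
            [pscustomobject]@{
                Clsid   = $c
                Key     = $key
                Flags   = if ($null -ne $flags) { '0x{0:X}' -f $flags } else { 'not set' }
                Blocked = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
            }
        }
    }
}

$report = Get-KillBitStatus -Clsid $Clsids -Root $Roots
$report | Format-Table -AutoSize
if ($report | Where-Object { -not $_.Blocked }) {
    Write-Warning 'At least one listed control is not blocked in Internet Explorer.'
}
```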

□ Terminology
  o ActiveX : A technology that connects ordinary applications with web sites to provide interactive web services

□ References
[1] http://www.microsoft.com/technet/security/advisory/972890.mspx
[2] http://www.securityfocus.com/bid/35558/info
[3] http://support.microsoft.com/kb/972890
[4] http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=ko
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015
