MS IE ½Å±Ô Ãë¾àÁ¡À¸·Î ÀÎÇÑ ÇÇÇØ ÁÖÀÇ
¡à °³¿ä
o Microsoft Internet Explorer°¡ ¾ÇÀÇÀûÀ¸·Î Á¶ÀÛµÈ À¥ÆäÀÌÁö¸¦ ó¸®ÇÏ´Â °úÁ¤¿¡¼ ¿ø°ÝÄڵ尡
½ÇÇàµÇ´Â Ãë¾àÁ¡ÀÌ ¹ß°ßµÊ [1]
o Internet ExplorerÀÇ "mshtml.dll" ¸ðµâÀÌ CSSÀÇ ¡°clip"¼Ó¼ºÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼ À¯È¿ÇÏÁö
¾ÊÀº °´Ã¼¸¦ ÂüÁ¶ÇÔÀ¸·Î½á ¿ø°ÝÄڵ尡 ½ÇÇàµÇ´Â Ãë¾àÁ¡ÀÌ ¹ß°ßµÊ [1]
¡Ø À¯È¿ÇÏÁö ¾ÊÀº °´Ã¼ ÂüÁ¶: Á¦°ÅµÈ °´Ã¼¿¡ ´ëÇÑ À߸øµÈ ÂüÁ¶
o ¿µÇâ¹Þ´Â ¹öÀüÀÇ Internet Explorer »ç¿ëÀÚ°¡ ¾ÇÀÇÀûÀÎ À¥»çÀÌÆ®¸¦ ¹æ¹®ÇÒ °æ¿ì, ¿ø°ÝÀÇ
°ø°ÝÀÚ´Â ÇØ´ç Ãë¾àÁ¡À» ¾Ç¿ëÇÏ¿© ¾Ç¼ºÄڵ带 À¯Æ÷ÇÒ ¼ö ÀÖÀ½
o º» Ãë¾àÁ¡À» ÀÌ¿ëÇÏ¿© ¾Ç¼ºÄڵ尡 À¯Æ÷µÇ°í ÀÖÀ¸¹Ç·Î °¢º°ÇÑ ÁÖÀÇ°¡ ÇÊ¿äÇÔ
¡à °ü·Ã Ãë¾àÁ¡ :
- Remote Code Execution Vulnerability in Internet Explorer - CVE-2010-3962
¡à ÇØ´ç ½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¹öÀü [1]
․ Internet Explorer 6
- Windows XP SP 3
- Windows XP Professional x64 Edition SP 2
- Windows Server 2003 SP 2
- Windows Server 2003 x64 Edition SP 2
- Windows Server 2003 with SP2 for Itanium-based Systems
․ Internet Explorer 7
- Windows XP SP 3
- Windows XP Professional x64 Edition SP 2
- Windows Server 2003 SP 2
- Windows Server 2003 x64 Edition SP 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP 1 and SP 2
- Windows Vista x64 Edition SP 1 and SP 2
- Windows Server 2008 for 32-bit Systems and SP 2
- Windows Server 2008 for x64-based Systems and SP 2
- Windows Server 2008 for Itanium-based Systems and SP 2
․ Internet Explorer 8
- Windows XP SP 3
- Windows XP Professional x64 Edition SP 2
- Windows Server 2003 SP 2
- Windows Server 2003 x64 Edition SP 2
- Windows Vista SP 1 and SP 2
- Windows Vista x64 Edition SP 1 and SP 2
- Windows Server 2008 for 32-bit Systems and SP 2
- Windows Server 2008 for x64-based Systems and SP 2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à Àӽà ÇØ°á ¹æ¾È
o ÇöÀç ÇØ´ç Ãë¾àÁ¡¿¡ ´ëÇÑ º¸¾È¾÷µ¥ÀÌÆ®´Â ¹ßÇ¥µÇÁö ¾Ê¾ÒÀ½
o KrCERT/CC ȨÆäÀÌÁö ¹× À©µµ¿ì º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ÁÖ±âÀûÀ¸·Î È®ÀÎÇÏ¿©, ÇØ´ç Ãë¾àÁ¡¿¡ ´ëÇÑ
º¸¾È ¾÷µ¥ÀÌÆ® ¹ßÇ¥ ½Ã ½Å¼ÓÈ÷ ¾÷µ¥ÀÌÆ®¸¦ Àû¿ëÇϵµ·Ï ÇÔ
o º¸¾È¾÷µ¥ÀÌÆ®°¡ ¹ßÇ¥µÇ±â Àü±îÁö, MS ȨÆäÀÌÁö¿¡¼ Á¦°øÇÏ´Â Àӽà ÇØ°á ¹æ¾ÈÀ» Àû¿ëÇÏ¿© Ãë¾àÁ¡
À¸·Î ÀÎÇÑ ÇÇÇظ¦ ¿¹¹æÇÔ
¡Ø http://www.microsoft.com/technet/security/advisory/2458511.mspx
o Ãë¾àÁ¡¿¡ ÀÇÇÑ ÇÇÇظ¦ ÁÙÀ̱â À§ÇÏ¿© »ç¿ëÀÚ´Â ´ÙÀ½°ú °°Àº »çÇ×À» ÁؼöÇؾßÇÔ
- ÆÄÀÏ°øÀ¯ ±â´É µîÀ» »ç¿ëÇÏÁö ¾ÊÀ¸¸é ºñÈ°¼ºÈÇÏ°í °³ÀιæȺ®À» ¹Ýµå½Ã »ç¿ë
- »ç¿ëÇÏ°í ÀÖ´Â ¹é½ÅÇÁ·Î±×·¥ÀÇ ÃֽŠ¾÷µ¥ÀÌÆ®¸¦ À¯ÁöÇÏ°í, ½Ç½Ã°£ °¨½Ã±â´ÉÀ» È°¼ºÈ
- ½Å·ÚµÇÁö ¾Ê´Â À¥ »çÀÌÆ®´Â ¹æ¹®ÇÏÁö ¾ÊÀ½
- Ãâó°¡ ºÒºÐ¸íÇÑ À̸ÞÀÏÀÇ ¸µÅ© Ŭ¸¯Çϰųª ÷ºÎÆÄÀÏÀ» ¿¾îº¸Áö ¾ÊÀ½
¡à ¿ë¾î Á¤¸®
o CSS : CSS (Cascading Style Sheet)´Â À¥ÆäÀÌÁö¿¡ Æ÷ÇÔµÈ ¿©¹éÀ̳ª ±ÛÀÚÀÇ Å©±â ¹× »ö±ò
µîÀÇ °¢Á¾ ½ºÅ¸ÀÏÀ» ±â¼úÇÏ´Â ¾ð¾î
o Mshtml.dll : Internet ExplorerÀÇ ÇÙ½É ¸ðµâ·Î¼ HTML, CSS µîÀ» ó¸®ÇÔ
[Âü°í»çÀÌÆ®]
[1] http://www.vupen.com/english/advisories/2010/2880
[2] http://www.microsoft.com/technet/security/advisory/2458511.mspx
[3] http://blogs.technet.com/b/srd/archive/2010/11/03/dep-emet-protect-against-attacks-on-the-latest-internet-explorer-vulnerability.aspx
|
|
|
