Home | Data Center | Contact US | Login

Á¦¸ñ MS IE ½Å±Ô Ãë¾àÁ¡À¸·Î ÀÎÇÑ ÇÇÇØ ÁÖÀÇ
ÀÛ¼ºÀÏ 2010-11-04 16:46:58

MS IE ½Å±Ô Ãë¾àÁ¡À¸·Î ÀÎÇÑ ÇÇÇØ ÁÖÀÇ

¡à °³¿ä
   o Microsoft Internet Explorer°¡ ¾ÇÀÇÀûÀ¸·Î Á¶ÀÛµÈ À¥ÆäÀÌÁö¸¦ ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ¿ø°ÝÄڵ尡
     ½ÇÇàµÇ´Â Ãë¾àÁ¡ÀÌ ¹ß°ßµÊ [1]
   o Internet ExplorerÀÇ "mshtml.dll" ¸ðµâÀÌ CSSÀÇ ¡°clip"¼Ó¼ºÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼­ À¯È¿ÇÏÁö
     ¾ÊÀº °´Ã¼¸¦ ÂüÁ¶ÇÔÀ¸·Î½á ¿ø°ÝÄڵ尡 ½ÇÇàµÇ´Â Ãë¾àÁ¡ÀÌ ¹ß°ßµÊ [1]
     ¡Ø À¯È¿ÇÏÁö ¾ÊÀº °´Ã¼ ÂüÁ¶: Á¦°ÅµÈ °´Ã¼¿¡ ´ëÇÑ À߸øµÈ ÂüÁ¶
   o ¿µÇâ¹Þ´Â ¹öÀüÀÇ Internet Explorer »ç¿ëÀÚ°¡ ¾ÇÀÇÀûÀÎ À¥»çÀÌÆ®¸¦ ¹æ¹®ÇÒ °æ¿ì, ¿ø°ÝÀÇ 
     °ø°ÝÀÚ´Â ÇØ´ç Ãë¾àÁ¡À» ¾Ç¿ëÇÏ¿© ¾Ç¼ºÄڵ带 À¯Æ÷ÇÒ ¼ö ÀÖÀ½
   o º» Ãë¾àÁ¡À» ÀÌ¿ëÇÏ¿© ¾Ç¼ºÄڵ尡 À¯Æ÷µÇ°í ÀÖÀ¸¹Ç·Î °¢º°ÇÑ ÁÖÀÇ°¡ ÇÊ¿äÇÔ

¡à °ü·Ã Ãë¾àÁ¡ :
    - Remote Code Execution Vulnerability in Internet Explorer - CVE-2010-3962

¡à ÇØ´ç ½Ã½ºÅÛ
   o ¿µÇâ ¹Þ´Â ¹öÀü [1]
     ․ Internet Explorer 6  
       - Windows XP SP 3
       - Windows XP Professional x64 Edition SP 2
       - Windows Server 2003 SP 2
       - Windows Server 2003 x64 Edition SP 2
       - Windows Server 2003 with SP2 for Itanium-based Systems
     ․ Internet Explorer 7  
       - Windows XP SP 3
       - Windows XP Professional x64 Edition SP 2
       - Windows Server 2003 SP 2
       - Windows Server 2003 x64 Edition SP 2
       - Windows Server 2003 with SP2 for Itanium-based Systems
       - Windows Vista SP 1 and SP 2
       - Windows Vista x64 Edition SP 1 and SP 2
       - Windows Server 2008 for 32-bit Systems and SP 2
       - Windows Server 2008 for x64-based Systems and SP 2
       - Windows Server 2008 for Itanium-based Systems and SP 2
     ․ Internet Explorer 8  
       - Windows XP SP 3
       - Windows XP Professional x64 Edition SP 2
       - Windows Server 2003 SP 2
       - Windows Server 2003 x64 Edition SP 2
       - Windows Vista SP 1 and SP 2
       - Windows Vista x64 Edition SP 1 and SP 2
       - Windows Server 2008 for 32-bit Systems and SP 2
       - Windows Server 2008 for x64-based Systems and SP 2
       - Windows 7 for 32-bit Systems
       - Windows 7 for x64-based Systems
       - Windows Server 2008 R2 for x64-based Systems
       - Windows Server 2008 R2 for Itanium-based Systems
 

¡à Àӽà ÇØ°á ¹æ¾È
   o ÇöÀç ÇØ´ç Ãë¾àÁ¡¿¡ ´ëÇÑ º¸¾È¾÷µ¥ÀÌÆ®´Â ¹ßÇ¥µÇÁö ¾Ê¾ÒÀ½
   o KrCERT/CC ȨÆäÀÌÁö ¹× À©µµ¿ì º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ÁÖ±âÀûÀ¸·Î È®ÀÎÇÏ¿©, ÇØ´ç Ãë¾àÁ¡¿¡ ´ëÇÑ 
     º¸¾È ¾÷µ¥ÀÌÆ® ¹ßÇ¥ ½Ã ½Å¼ÓÈ÷ ¾÷µ¥ÀÌÆ®¸¦ Àû¿ëÇϵµ·Ï ÇÔ
   o º¸¾È¾÷µ¥ÀÌÆ®°¡ ¹ßÇ¥µÇ±â Àü±îÁö, MS ȨÆäÀÌÁö¿¡¼­ Á¦°øÇÏ´Â Àӽà ÇØ°á ¹æ¾ÈÀ» Àû¿ëÇÏ¿© Ãë¾àÁ¡
     À¸·Î ÀÎÇÑ ÇÇÇظ¦ ¿¹¹æÇÔ
     ¡Ø http://www.microsoft.com/technet/security/advisory/2458511.mspx
   o Ãë¾àÁ¡¿¡ ÀÇÇÑ ÇÇÇظ¦ ÁÙÀ̱â À§ÇÏ¿© »ç¿ëÀÚ´Â ´ÙÀ½°ú °°Àº »çÇ×À» ÁؼöÇؾßÇÔ
     - ÆÄÀÏ°øÀ¯ ±â´É µîÀ» »ç¿ëÇÏÁö ¾ÊÀ¸¸é ºñÈ°¼ºÈ­ÇÏ°í °³ÀιæÈ­º®À» ¹Ýµå½Ã »ç¿ë
     - »ç¿ëÇÏ°í ÀÖ´Â ¹é½ÅÇÁ·Î±×·¥ÀÇ ÃֽŠ¾÷µ¥ÀÌÆ®¸¦ À¯ÁöÇÏ°í, ½Ç½Ã°£ °¨½Ã±â´ÉÀ» È°¼ºÈ­
     - ½Å·ÚµÇÁö ¾Ê´Â À¥ »çÀÌÆ®´Â ¹æ¹®ÇÏÁö ¾ÊÀ½
     - Ãâó°¡ ºÒºÐ¸íÇÑ À̸ÞÀÏÀÇ ¸µÅ© Ŭ¸¯Çϰųª ÷ºÎÆÄÀÏÀ» ¿­¾îº¸Áö ¾ÊÀ½

¡à ¿ë¾î Á¤¸®
   o CSS : CSS (Cascading Style Sheet)´Â À¥ÆäÀÌÁö¿¡ Æ÷ÇÔµÈ ¿©¹éÀ̳ª ±ÛÀÚÀÇ Å©±â ¹× »ö±ò 
     µîÀÇ °¢Á¾ ½ºÅ¸ÀÏÀ» ±â¼úÇÏ´Â ¾ð¾î
   o Mshtml.dll : Internet ExplorerÀÇ ÇÙ½É ¸ðµâ·Î¼­ HTML, CSS µîÀ» ó¸®ÇÔ 

[Âü°í»çÀÌÆ®]
[1] http://www.vupen.com/english/advisories/2010/2880
[2] http://www.microsoft.com/technet/security/advisory/2458511.mspx
[3] http://blogs.technet.com/b/srd/archive/2010/11/03/dep-emet-protect-against-attacks-on-the-latest-internet-explorer-vulnerability.aspx
  »çÀ̹ö°ø°Ý À§Ç輺 Áõ°¡¿¡ µû¸¥ ¡®°ü½É¡¯ °æº¸ ¹ß·É
  Adobe Shockwave Player Ãë¾àÁ¡ º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í








ȸ»ç¼Ò°³ °³ÀÎÁ¤º¸Ãë±Þ¹æħ ÀÌ¿ë¾à°ü À̸ÞÀÏÁÖ¼Ò ¹«´Ü¼öÁý°ÅºÎ CONTACT US IDC ¾àµµ
ȸ»ç¼Ò°³ °³ÀÎÁ¤º¸Ãë±Þ¹æħ ÀÌ¿ë¾à°ü À̸ÞÀÏÁÖ¼Ò ¹«´Ü¼öÁý°ÅºÎ CONTACT US IDC ¾àµµ ȸ»ç¼Ò°³ °³ÀÎÁ¤º¸Ãë±Þ¹æħ ÀÌ¿ë¾à°ü À̸ÞÀÏÁÖ¼Ò ¹«´Ü¼öÁý°ÅºÎ CONTACT US IDC ¾àµµ