Home | Data Center | Contact US | Login

Á¦¸ñ MS Internet Explorer ½Å±Ô ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ ÁÖÀÇ
ÀÛ¼ºÀÏ 2010-11-05 10:12:41
MS Internet Explorer ½Å±Ô ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ ÁÖÀÇ

¡à °³¿ä
   o Microsoft Internet Explorer°¡ ¾ÇÀÇÀûÀ¸·Î Á¶ÀÛµÈ À¥ÆäÀÌÁö¸¦ ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ¿ø°ÝÄڵ尡
     ½ÇÇàµÇ´Â Ãë¾àÁ¡ÀÌ ¹ß°ßµÊ 
   o Internet ExplorerÀÇ "mshtml.dll" ¸ðµâÀÌ CSSÀÇ ¡°clip"¼Ó¼ºÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼­ À¯È¿ÇÏÁö
     ¾ÊÀº °´Ã¼¸¦ ÂüÁ¶ÇÔÀ¸·Î½á ¿ø°ÝÄڵ尡 ½ÇÇàµÇ´Â Ãë¾àÁ¡ÀÌ ¹ß°ßµÊ [1][2]
     ¡Ø À¯È¿ÇÏÁö ¾ÊÀº °´Ã¼ ÂüÁ¶: Á¦°ÅµÈ °´Ã¼¿¡ ´ëÇÑ À߸øµÈ ÂüÁ¶
   o ¿µÇâ¹Þ´Â ¹öÀüÀÇ Internet Explorer »ç¿ëÀÚ°¡ ¾ÇÀÇÀûÀÎ À¥»çÀÌÆ®¸¦ ¹æ¹®ÇÒ °æ¿ì, ¿ø°ÝÀÇ 
     °ø°ÝÀÚ´Â ÇØ´ç Ãë¾àÁ¡À» ¾Ç¿ëÇÏ¿© ¾Ç¼ºÄڵ带 À¯Æ÷ÇÒ ¼ö ÀÖÀ½
   o º» Ãë¾àÁ¡À» ÀÌ¿ëÇÏ¿© ¾Ç¼ºÄڵ尡 À¯Æ÷µÇ°í ÀÖÀ¸¹Ç·Î °¢º°ÇÑ ÁÖÀÇ°¡ ÇÊ¿äÇÔ

¡à °ü·Ã Ãë¾àÁ¡ :
    - Remote Code Execution Vulnerability in Internet Explorer - CVE-2010-3962[2]

¡à ÇØ´ç ½Ã½ºÅÛ
   o ¿µÇâ ¹Þ´Â ¹öÀü [1]
     ․ Internet Explorer 6  
       - Windows XP SP 3
       - Windows XP Professional x64 Edition SP 2
       - Windows Server 2003 SP 2
       - Windows Server 2003 x64 Edition SP 2
       - Windows Server 2003 with SP2 for Itanium-based Systems
     ․ Internet Explorer 7  
       - Windows XP SP 3
       - Windows XP Professional x64 Edition SP 2
       - Windows Server 2003 SP 2
       - Windows Server 2003 x64 Edition SP 2
       - Windows Server 2003 with SP2 for Itanium-based Systems
       - Windows Vista SP 1 and SP 2
       - Windows Vista x64 Edition SP 1 and SP 2
       - Windows Server 2008 for 32-bit Systems and SP 2
       - Windows Server 2008 for x64-based Systems and SP 2
       - Windows Server 2008 for Itanium-based Systems and SP 2
     ․ Internet Explorer 8  
       - Windows XP SP 3
       - Windows XP Professional x64 Edition SP 2
       - Windows Server 2003 SP 2
       - Windows Server 2003 x64 Edition SP 2
       - Windows Vista SP 1 and SP 2
       - Windows Vista x64 Edition SP 1 and SP 2
       - Windows Server 2008 for 32-bit Systems and SP 2
       - Windows Server 2008 for x64-based Systems and SP 2
       - Windows 7 for 32-bit Systems
       - Windows 7 for x64-based Systems
       - Windows Server 2008 R2 for x64-based Systems
       - Windows Server 2008 R2 for Itanium-based Systems
 
¡à Àӽà ÇØ°á ¹æ¾È
   o ÇöÀç ÇØ´ç Ãë¾àÁ¡¿¡ ´ëÇÑ º¸¾È¾÷µ¥ÀÌÆ®´Â ¹ßÇ¥µÇÁö ¾Ê¾ÒÀ½
   o KrCERT/CC ȨÆäÀÌÁö ¹× À©µµ¿ì º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ÁÖ±âÀûÀ¸·Î È®ÀÎÇÏ¿©, ÇØ´ç Ãë¾àÁ¡¿¡ ´ëÇÑ
      º¸¾È¾÷µ¥ÀÌÆ® ¹ßÇ¥ ½Ã ½Å¼ÓÈ÷ ¾÷µ¥ÀÌÆ®¸¦ Àû¿ëÇϵµ·Ï ÇÔ
   o º¸¾È¾÷µ¥ÀÌÆ®°¡ ¹ßÇ¥µÇ±â Àü±îÁö MS ȨÆäÀÌÁö¿¡¼­ Á¦°øÇÏ´Â Àӽà ÇØ°á ¹æ¾ÈÀ» Àû¿ëÇÏ¿©
      Ãë¾àÁ¡À¸·Î ÀÎÇÑ ÇÇÇظ¦ ¿¹¹æÇÔ
     ¡Ø MS °ü·Ã ȨÆäÀÌÁö: http://support.microsoft.com/kb/2458511/en
   o Àӽà ÇØ°á ¹æ¾È Áß, ºê¶ó¿ìÀú°¡ Ãë¾àÇÑ CSS¸¦ ó¸®ÇÏÁö ¾Êµµ·Ï Çϱâ À§ÇØ MS ȨÆäÀÌÁö ¡°Fix it
      for me" ¼½¼ÇÀÇ ¡°Microsoft Fix it 50556¡±¸¦ Ŭ¸¯ÇÏ¿© ÆÄÀÏ ´Ù¿î·Îµå ÈÄ ¼³Ä¡
      ¡Ø ¿ø»óÅ·Πº¹±¸Çϱâ À§Çؼ­´Â ¡°Microsoft Fix it 50557¡±¸¦ Àû¿ë


   o Àӽà ÇØ°á ¹æ¾È Áß, IE 7¿¡¼­ DEP¸¦ ¼³Á¤Çϱâ À§ÇØ MS ȨÆäÀÌÁö ¡°Fix it for me" ¼½¼ÇÀÇ ¡°
      Microsoft Fix it 50285¡±¸¦ Ŭ¸¯ÇÏ¿© ÆÄÀÏ ´Ù¿î·Îµå ÈÄ ¼³Ä¡
      ¡Ø ¿ø»óÅ·Πº¹±¸Çϱâ À§Çؼ­´Â ¡°Microsoft Fix it 50286¡±¸¦ Àû¿ë

   o Ãë¾àÁ¡¿¡ ÀÇÇÑ ÇÇÇظ¦ ÁÙÀ̱â À§ÇÏ¿© »ç¿ëÀÚ´Â ´ÙÀ½°ú °°Àº »çÇ×À» ÁؼöÇؾßÇÔ
     - ÆÄÀÏ°øÀ¯ ±â´É µîÀ» »ç¿ëÇÏÁö ¾ÊÀ¸¸é ºñÈ°¼ºÈ­ÇÏ°í °³ÀιæÈ­º®À» ¹Ýµå½Ã »ç¿ë
     - »ç¿ëÇÏ°í ÀÖ´Â ¹é½ÅÇÁ·Î±×·¥ÀÇ ÃֽŠ¾÷µ¥ÀÌÆ®¸¦ À¯ÁöÇÏ°í, ½Ç½Ã°£ °¨½Ã±â´ÉÀ» È°¼ºÈ­
     - ½Å·ÚµÇÁö ¾Ê´Â À¥ »çÀÌÆ®´Â ¹æ¹®ÇÏÁö ¾ÊÀ½
     - Ãâó°¡ ºÒºÐ¸íÇÑ À̸ÞÀÏÀÇ ¸µÅ© Ŭ¸¯Çϰųª ÷ºÎÆÄÀÏÀ» ¿­¾îº¸Áö ¾ÊÀ½

¡à ¿ë¾î Á¤¸®
   o CSS : CSS (Cascading Style Sheet)´Â À¥ÆäÀÌÁö¿¡ Æ÷ÇÔµÈ ¿©¹éÀ̳ª ±ÛÀÚÀÇ Å©±â ¹× »ö±ò 
     µîÀÇ °¢Á¾ ½ºÅ¸ÀÏÀ» ±â¼úÇÏ´Â ¾ð¾î
   o Mshtml.dll : Internet ExplorerÀÇ ÇÙ½É ¸ðµâ·Î¼­ HTML, CSS µîÀ» ó¸®ÇÔ
   o DEP (Data Execution Prevention, µ¥ÀÌÅÍ ½ÇÇà ¹æÁö) : ÇÁ·Î±×·¥ÀÇ ºñ½ÇÇ࿵¿ª ¸Þ¸ð¸®¿¡¼­
     Äڵ尡 ½ÇÇàµÇÁö ¾Êµµ·Ï ÇÔÀ¸·Î½á ¾Ç¼ºÄÚµå ¹× ´Ù¸¥ º¸¾È À§ÇèÀ¸·ÎºÎÅÍ ¼Õ»óµÇÁö ¾Ê°Ô ÇØÁÖ´Â
     º¸¾È ±â´É

[Âü°í»çÀÌÆ®]
[1] http://www.vupen.com/english/advisories/2010/2880
[2] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3962
[3] http://www.microsoft.com/technet/security/advisory/2458511.mspx
[4] http://blogs.technet.com/b/srd/archive/2010/11/03/dep-emet-protect-against-attacks-on-the-latest-internet-explorer-vulnerability.aspx
  Adobe Flash Player ´ÙÁß Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í
  »çÀ̹ö°ø°Ý À§Ç輺 Áõ°¡¿¡ µû¸¥ ¡®°ü½É¡¯ °æº¸ ¹ß·É








ȸ»ç¼Ò°³ °³ÀÎÁ¤º¸Ãë±Þ¹æħ ÀÌ¿ë¾à°ü À̸ÞÀÏÁÖ¼Ò ¹«´Ü¼öÁý°ÅºÎ CONTACT US IDC ¾àµµ
ȸ»ç¼Ò°³ °³ÀÎÁ¤º¸Ãë±Þ¹æħ ÀÌ¿ë¾à°ü À̸ÞÀÏÁÖ¼Ò ¹«´Ü¼öÁý°ÅºÎ CONTACT US IDC ¾àµµ ȸ»ç¼Ò°³ °³ÀÎÁ¤º¸Ãë±Þ¹æħ ÀÌ¿ë¾à°ü À̸ÞÀÏÁÖ¼Ò ¹«´Ü¼öÁý°ÅºÎ CONTACT US IDC ¾àµµ