Ãë¾àÁ¡ID |
26361 |
À§Çèµµ |
40 |
Æ÷Æ® |
139,445 |
ÇÁ·ÎÅäÄÝ |
TCP |
ºÐ·ù |
SMB |
»ó¼¼¼³¸í |
ÇØ´ç ½Ã½ºÅÛ¿¡´Â Internet Explorer¿¡ ´ëÇÑ 2008³â 6¿ù ´©Àû ÆÐÄ¡(Cumulative Patch)¿ë Hotfix (MS08-031, 950759)°¡ ¼³Ä¡µÇ¾î ÀÖÁö ¾Ê´Ù. ÀÌ ÆÐÄ¡´Â ´©Àû ¾÷µ¥ÀÌÆ®ÀÎ º¸¾È °Ô½Ã¹°(MS08-024, 947864)¿¡¼ Á¦°øµÈ ¾÷µ¥ÀÌÆ®¸¦ ´ëüÇÏ°í »õ·Î ¹ß°ßµÈ ´ÙÀ½ÀÇ °ø°³ Ãë¾àÁ¡¿¡ ´ëÇÑ ÇØ°áÃ¥À» Æ÷ÇÔÇÏ°í ÀÖ´Ù:
- HTML Objects ¸Þ¸ð¸® Á¶ÀÛ Ãë¾àÁ¡ (CVE-2008-1442): Á¤º¸ ³ëÃâ - Request Header Cross-Domain Á¤º¸ ³ëÃâ Ãë¾àÁ¡ (CVE-2008-1544): ¿ø°Ý ÄÚµå ½ÇÇà
»ç¿ëÀÚ°¡ °ü¸®ÀÚ ±ÇÇÑÀ¸·Î ·Î±×¿ÂÇÑ °æ¿ì, °ø°ÝÀÚ°¡ ÀÌ Ãë¾àÁ¡ÀÇ °¡Àå ½É°¢ÇÑ ºÎºÐÀ» ¼º°øÀûÀ¸·Î ¾Ç¿ëÇÑ´Ù¸é ÇÁ·Î±×·¥ ¼³Ä¡, µ¥ÀÌÅÍ º¸±â, º¯°æ ¶Ç´Â »èÁ¦, ¸ðµç ±ÇÇÑÀ» °¡Áø »õ °èÁ¤ ¸¸µé±â µîÀÇ ÀÛ¾÷À» Æ÷ÇÔÇÏ¿© ÇØ´ç ½Ã½ºÅÛÀ» ¿ÏÀüÈ÷ Á¦¾îÇÒ ¼ö ÀÖ´Ù.
* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº Á¡°ËÇϱâ À§ÇÑ ¿ø°ÝÁö È£½ºÆ®ÀÇ ·¹Áö½ºÆ®¸®¸¦ ¾×¼¼½ºÇÒ ¼ö ÀÖ´Â Guest ȤÀº ±× ÀÌ»óÀÇ ±ÇÇÑÀ» °¡Áø °èÁ¤À» ÇÊ¿ä·Î ÇÑ´Ù. ÀÌ·¯ÇÑ Á¶°ÇÀÌ ¾ÈµÇ¸é Á¡°ËÀ» ¼öÇàÇÒ ¼ö ¾øÀ¸¸ç ¸ðµç Ãë¾àÇÑ È£½ºÆ®µé¿¡ ´ëÇؼ °ÅÁþ À½¼º¹ÝÀÀ(False Negative)À» º¸ÀÏ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®: http://www.microsoft.com/technet/security/bulletin/ms08-031.mspx
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû: Microsoft Internet Explorer 5.01 SP4 Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 7 Microsoft Windows 2000 SP4 Microsoft Windows XP SP3 Microsoft Windows Server 2003 SP2 Microsoft Windows Vista Microsoft Windows Server 2008 |
ÇØ°áÃ¥ |
´ÙÀ½ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ® º¸¾È °Ô½Ã¹° MS08-031À» ÂüÁ¶ÇÏ¿© ½Ã½ºÅÛ¿¡ ´ëÇÑ ÀûÀýÇÑ ÆÐÄ¡(950759)¸¦ Àû¿ëÇÑ´Ù: http://www.microsoft.com/technet/security/bulletin/ms08-031.mspx
-- ¶Ç´Â --
Windows Ç÷§ÆûµéÀ» À§ÇÑ ÆÐÄ¡µéÀº ¶ÇÇÑ Microsoft Windows Update À¥ »çÀÌÆ®ÀÎ http://windowsupdate.microsoft.com ¿¡¼µµ ±¸ÇÒ ¼ö ÀÖ´Ù. Windows Update´Â »ç¿ë ÁßÀÎ WindowsÀÇ ¹öÀüÀ» ÀÚµ¿À¸·Î ã¾Æ³»°í ÀûÀýÇÑ ÆÐÄ¡¸¦ Á¦°øÇØ ÁØ´Ù. |
°ü·Ã URL |
CVE-2008-1442,CVE-2008-1544 (CVE) |
°ü·Ã URL |
29556 (SecurityFocus) |
°ü·Ã URL |
41411,42692,42693 (ISS) |
|