| Ãë¾àÁ¡ID |
26553 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
139.445 |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
SMB |
| »ó¼¼¼³¸í |
ÇØ´ç ½Ã½ºÅÛ¿¡´Â Internet Explorer ´©Àû º¸¾È ¾÷µ¥ÀÌÆ® (MS11-003, 2482017) °¡ ¼³Ä¡µÇ¾î ÀÖÁö ¾Ê´Ù. ÀÌ º¸¾È ¾÷µ¥ÀÌÆ®´Â Internet ExplorerÀÇ ºñ°ø°³ÀûÀ¸·Î º¸°íµÈ Ãë¾àÁ¡ 2°Ç°ú ÀϹݿ¡ °ø°³µÈ Ãë¾àÁ¡ 2°ÇÀ» ÇØ°áÇÕ´Ï´Ù. ÀÌ Ãë¾àÁ¡À¸·Î ÀÎÇØ »ç¿ëÀÚ°¡ Internet Explorer¸¦ »ç¿ëÇÏ¿© Ư¼öÇÏ°Ô Á¶ÀÛµÈ À¥ ÆäÀÌÁö¸¦ º¸°Å³ª Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¶óÀ̺귯¸® ÆÄÀÏÀ» ·ÎµåÇÏ´Â ÇÕ¹ýÀûÀÎ HTML ÆÄÀÏÀ» ¿ °æ¿ì ¿ø°Ý ÄÚµå ½ÇÇàÀÌ Çã¿ëµÉ ¼ö ÀÖ½À´Ï´Ù. ÀÌ·¯ÇÑ Ãë¾àÁ¡ Áß Çϳª¸¦ ¼º°øÀûÀ¸·Î ¾Ç¿ëÇÑ °ø°ÝÀÚ´Â ·ÎÄà »ç¿ëÀÚ¿Í µ¿ÀÏÇÑ ±ÇÇÑÀ» ¾òÀ» ¼ö ÀÖ½À´Ï´Ù. ½Ã½ºÅÛ¿¡ ´ëÇÑ »ç¿ëÀÚ ±ÇÇÑÀÌ Àû°Ô ±¸¼ºµÈ °èÁ¤ÀÇ »ç¿ëÀÚ´Â °ü¸®ÀÚ ±ÇÇÑÀ¸·Î ÀÛ¾÷ÇÏ´Â »ç¿ëÀÚ¿¡ ºñÇØ ¿µÇâÀ» Àû°Ô ¹Þ½À´Ï´Ù.
º¸¾È ¾÷µ¥ÀÌÆ®´Â Internet Explorer°¡ ¸Þ¸ð¸®ÀÇ °³Ã¼¸¦ ó¸®ÇÏ°í, CSS ½ºÅ¸ÀÏ ½ÃÆ®¸¦ ó¸®ÇÏ°í, ¿ÜºÎ ¶óÀ̺귯¸®¸¦ ·ÎµåÇÏ´Â ¹æ½ÄÀ» ¼öÁ¤ÇÏ¿© Ãë¾àÁ¡À» ÇØ°áÇÕ´Ï´Ù.
* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº Á¡°ËÇϱâ À§ÇÑ È£½ºÆ®·Î ·Î±×ÀÎ ÇÒ ¼ö ÀÖ´Â °ü¸®ÀÚ ±ÇÇÑÀ» °¡Áø °èÁ¤À» ÇÊ¿ä·Î ÇÑ´Ù. ÀÌ·¯ÇÑ Á¶°ÇÀÌ ¾ÈµÇ¸é Á¡°ËÀ» ¼öÇàÇÒ ¼ö ¾øÀ¸¸ç ¸ðµç Ãë¾àÇÑ È£½ºÆ®µé¿¡ ´ëÇؼ °ÅÁþ À½¼º¹ÝÀÀ(False Negative)À» º¸ÀÏ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®:
http://seclists.org/fulldisclosure/2010/Dec/110
http://www.breakingpointsystems.com/community/blog/ie-vulnerability/
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
-Internet Explorer 6
Windows XP ¼ºñ½º ÆÑ 3
Windows XP Professional x64 Edition ¼ºñ½º ÆÑ 2
Windows Server 2003 ¼ºñ½º ÆÑ 2
Windows Server 2003 x64 Edition ¼ºñ½º ÆÑ 2
Windows Server 2003 SP2(Itanium ±â¹Ý ½Ã½ºÅÛ¿ë)
-Internet Explorer 7
Windows XP ¼ºñ½º ÆÑ 3
Windows XP Professional x64 Edition ¼ºñ½º ÆÑ 2
Windows Server 2003 ¼ºñ½º ÆÑ 2
Windows Server 2003 x64 Edition ¼ºñ½º ÆÑ 2
Windows Server 2003 SP2(Itanium ±â¹Ý ½Ã½ºÅÛ¿ë)
Windows Vista ¼ºñ½º ÆÑ 1 ¹× Windows Vista ¼ºñ½º ÆÑ 2
Windows Vista x64 Edition ¼ºñ½º ÆÑ 1 ¹× Windows Vista x64 Edition ¼ºñ½º ÆÑ 2
Windows Server 2008(32ºñÆ® ½Ã½ºÅÛ¿ë) ¹× Windows Server 2008(32ºñÆ® ½Ã½ºÅÛ¿ë) ¼ºñ½º ÆÑ 2**
Windows Server 2008(x64 ±â¹Ý ½Ã½ºÅÛ¿ë) ¹× Windows Server 2008(x64 ±â¹Ý ½Ã½ºÅÛ¿ë) ¼ºñ½º ÆÑ 2**
Windows Server 2008(Itanium ±â¹Ý ½Ã½ºÅÛ¿ë) ¹× Windows Server 2008(Itanium ±â¹Ý ½Ã½ºÅÛ¿ë) ¼ºñ½º ÆÑ 2
-Internet Explorer 8
Windows XP ¼ºñ½º ÆÑ 3
Windows XP Professional x64 Edition ¼ºñ½º ÆÑ 2
Windows Server 2003 ¼ºñ½º ÆÑ 2
Windows Server 2003 x64 Edition ¼ºñ½º ÆÑ 2
Windows Vista ¼ºñ½º ÆÑ 1 ¹× Windows Vista ¼ºñ½º ÆÑ 2
Windows Vista x64 Edition ¼ºñ½º ÆÑ 1 ¹× Windows Vista x64 Edition ¼ºñ½º ÆÑ 2
Windows Server 2008(32ºñÆ® ½Ã½ºÅÛ¿ë) ¹× Windows Server 2008(32ºñÆ® ½Ã½ºÅÛ¿ë) ¼ºñ½º ÆÑ 2**
Windows Server 2008(x64 ±â¹Ý ½Ã½ºÅÛ¿ë) ¹× Windows Server 2008(x64 ±â¹Ý ½Ã½ºÅÛ¿ë) ¼ºñ½º ÆÑ 2**
Windows 7(32ºñÆ® ½Ã½ºÅÛ¿ë)
Windows 7(x64 ±â¹Ý ½Ã½ºÅÛ¿ë)
Windows Server 2008 R2(x64 ±â¹Ý ½Ã½ºÅÛ¿ë)**
Windows Server 2008 R2(Itanium ±â¹Ý ½Ã½ºÅÛ¿ë)
**Server Core ¼³Ä¡´Â ¿µÇâÀ» ¹ÞÁö ¾Ê½À´Ï´Ù. |
| ÇØ°áÃ¥ |
´ÙÀ½ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ® º¸¾È °Ô½Ã¹° MS11-003¸¦ ÂüÁ¶ÇÏ¿© ½Ã½ºÅÛ¿¡ ´ëÇÑ ÀûÀýÇÑ ÆÐÄ¡(2482017)¸¦ Àû¿ëÇÑ´Ù:
http://www.microsoft.com/technet/security/Bulletin/MS11-003.mspx
-- ¶Ç´Â --
Windows Ç÷§ÆûµéÀ» À§ÇÑ ÆÐÄ¡µéÀº ¶ÇÇÑ Microsoft Windows Update À¥ »çÀÌÆ®ÀÎ http://windowsupdate.microsoft.com ¿¡¼µµ ±¸ÇÒ ¼ö ÀÖ´Ù. Windows Update´Â »ç¿ë ÁßÀÎ WindowsÀÇ ¹öÀüÀ» ÀÚµ¿À¸·Î ã¾Æ³»°í ÀûÀýÇÑ ÆÐÄ¡¸¦ Á¦°øÇØ ÁØ´Ù. |
| °ü·Ã URL |
CVE-2011-0033 (CVE) |
| °ü·Ã URL |
46106 (SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
