English
¢¸¢· µÚ·Î
Ãë¾àÁ¡ID 26668
À§Çèµµ 40
Æ÷Æ® 139.445
ÇÁ·ÎÅäÄÝ TCP
ºÐ·ù SMB
»ó¼¼¼³¸í ÇØ´ç ½Ã½ºÅÛ¿¡´Â ¡®Internet Explorer ´©Àû º¸¾È ¾÷µ¥ÀÌÆ®'¿¡ ´ëÇÑ Hotfix(MS13-088, 2888505)°¡ ¼³Ä¡µÇ¾î ÀÖÁö ¾Ê´Ù.
ÀÌ º¸¾È ¾÷µ¥ÀÌÆ®´Â Internet Explorer¿¡¼­ ¹ß°ßµÇ¾î ºñ°ø°³ÀûÀ¸·Î º¸°íµÈ Ãë¾àÁ¡ 10°ÇÀ» ÇØ°áÇÑ´Ù. °¡Àå À§ÇèÇÑ Ãë¾àÁ¡À¸·Î ÀÎÇØ »ç¿ëÀÚ°¡ Internet Explorer¸¦ »ç¿ëÇÏ¿© Ư¼öÇÏ°Ô Á¶ÀÛµÈ À¥ ÆäÀÌÁö¸¦ º¼ °æ¿ì ¿ø°Ý ÄÚµå ½ÇÇàÀÌ Çã¿ëµÉ ¼ö ÀÖ´Ù. °¡Àå À§ÇèÇÑ Ãë¾àÁ¡ ¾Ç¿ë¿¡ ¼º°øÇÑ °ø°ÝÀÚ´Â ÇöÀç »ç¿ëÀÚ¿Í µ¿ÀÏÇÑ ±ÇÇÑÀ» ¾òÀ» ¼ö ÀÖ´Ù. ½Ã½ºÅÛ¿¡ ´ëÇÑ »ç¿ëÀÚ ±ÇÇÑÀÌ Àû°Ô ±¸¼ºµÈ °èÁ¤ÀÇ »ç¿ëÀÚ´Â °ü¸®ÀÚ ±ÇÇÑÀ¸·Î ÀÛ¾÷ÇÏ´Â »ç¿ëÀÚ¿¡ ºñÇØ ¿µÇâÀ» Àû°Ô ¹Þ´Â´Ù.

- Internet Explorer Á¤º¸ À¯Ãâ Ãë¾àÁ¡(CVE-2013-3908)
Internet Explorer°¡ Àμ⠹̸® º¸±â¸¦ »ý¼ºÇÒ ¶§ Ư¼öÇÏ°Ô Á¶ÀÛµÈ À¥ ÄÜÅÙÃ÷¸¦ ó¸®ÇÏ´Â ¹æ½Ä¿¡ Á¤º¸ À¯Ãâ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. ÀÌ Ãë¾àÁ¡ ¾Ç¿ë¿¡ ¼º°øÇÑ °ø°ÝÀÚ´Â °ø°Ý ´ë»óÀÚ°¡ º¸°í ÀÖ´Â ¸ðµç ÆäÀÌÁö¿¡¼­ Á¤º¸¸¦ ¼öÁýÇÒ ¼ö ÀÖ´Ù.

- Internet Explorer Á¤º¸ À¯Ãâ Ãë¾àÁ¡(CVE-2013-3909)
Internet Explorer°¡ CSS Ư¼ö ¹®ÀÚ¸¦ ó¸®ÇÏ´Â ¹æ½Ä¿¡ Á¤º¸ À¯Ãâ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. °ø°ÝÀÚ´Â »ç¿ëÀÚ°¡ À¥ÆäÀÌÁö¸¦ º¼ °æ¿ì Á¤º¸ À¯ÃâÀÌ ¹ß»ýÇϴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ À¥ÆäÀÌÁö¸¦ ±¸¼ºÇÏ¿© ÀÌ Ãë¾àÁ¡À» ¾Ç¿ëÇÒ ¼ö ÀÖ´Ù. ÀÌ Ãë¾àÁ¡ ¾Ç¿ë¿¡ ¼º°øÇÑ °ø°ÝÀÚ´Â ´Ù¸¥ µµ¸ÞÀÎÀ̳ª Internet Explorer ¿µ¿ªÀÇ ÄÜÅÙÃ÷¸¦ º¼ ¼ö ÀÖ´Ù.

- Internet ExplorerÀÇ ¿©·¯ ¸Þ¸ð¸® ¼Õ»ó Ãë¾àÁ¡(CVE-2013-3871, CVE-2013-3910, CVE-2013-3911, CVE-2013-3912, CVE-2013-3914, CVE-2013-3915, CVE-2013-3916, CVE-2013-3917)
Internet Explorer°¡ ¸Þ¸ð¸®ÀÇ °³Ã¼¿¡ ºÎÀûÀýÇÏ°Ô ¾×¼¼½ºÇÒ ¶§ ¿ø°Ý ÄÚµå ½ÇÇà Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. ÀÌ Ãë¾àÁ¡À¸·Î ÀÎÇØ ¸Þ¸ð¸®°¡ ¼Õ»óµÇ°í °ø°ÝÀÚ°¡ ÇöÀç »ç¿ëÀÚÀÇ ÄÁÅؽºÆ®¿¡¼­ ÀÓÀÇ Äڵ带 ½ÇÇàÇÒ ¼ö ÀÖ´Ù.

* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº Á¡°ËÇϱâ À§ÇÑ È£½ºÆ®·Î ·Î±×ÀÎ ÇÒ ¼ö ÀÖ´Â °ü¸®ÀÚ ±ÇÇÑÀ» °¡Áø °èÁ¤À» ÇÊ¿ä·Î ÇÑ´Ù. ÀÌ·¯ÇÑ Á¶°ÇÀÌ ¾ÈµÇ¸é Á¡°ËÀ» ¼öÇàÇÒ ¼ö ¾øÀ¸¸ç ¸ðµç Ãë¾àÇÑ È£½ºÆ®µé¿¡ ´ëÇؼ­ °ÅÁþ À½¼º¹ÝÀÀ(False Negative)À» º¸ÀÏ ¼ö ÀÖ´Ù.

* Âü°í »çÀÌÆ®:
http://www.zerodayinitiative.com/advisories/ZDI-13-264/
http://www.zerodayinitiative.com/advisories/ZDI-13-265/
http://www.zerodayinitiative.com/advisories/ZDI-13-266/
http://www.zerodayinitiative.com/advisories/ZDI-13-267/
https://technet.microsoft.com/ko-kr/library/security/ms13-088

* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9
Internet Explorer 10
Internet Explorer 11
ÇØ°áÃ¥ ´ÙÀ½ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ® º¸¾È °Ô½Ã¹° MS13-088¸¦ ÂüÁ¶ÇÏ¿© ½Ã½ºÅÛ¿¡ ´ëÇÑ ÀûÀýÇÑ ÆÐÄ¡(2888505)¸¦ Àû¿ëÇÑ´Ù:
https://technet.microsoft.com/ko-kr/library/security/ms13-088
-- ¶Ç´Â --
Windows Ç÷§ÆûµéÀ» À§ÇÑ ÆÐÄ¡µéÀº ¶ÇÇÑ Microsoft Windows Update À¥ »çÀÌÆ®ÀÎ http://windowsupdate.microsoft.com ¿¡¼­µµ ±¸ÇÒ ¼ö ÀÖ´Ù. Windows Update´Â »ç¿ë ÁßÀÎ WindowsÀÇ ¹öÀüÀ» ÀÚµ¿À¸·Î ã¾Æ³»°í ÀûÀýÇÑ ÆÐÄ¡¸¦ Á¦°øÇØ ÁØ´Ù.
°ü·Ã URL CVE-2013-3871,CVE-2013-3908,CVE-2013-3909,CVE-2013-3910,CVE-2013-3911,CVE-2013-3912,CVE-2013-3914,CVE-2013-3915,CVE-2013-3916,CVE-2013-3917 (CVE)
°ü·Ã URL 63585,63588,63589,63590,63592,63593,63594,63595,63596,63597 (SecurityFocus)
°ü·Ã URL (ISS)