°øÁö»çÇ×
º¸¾ÈÆÐÄ¡
°áÁ¦¹æ¹ý¾È³»
¼­ºñ½º ÀÌ¿ë¾à°ü
°³ÀÎÁ¤º¸Ãë±Þ¹æÄ§
ÀÚÁÖ¹¯´ÂÁú¹®
±â¼ú°¡À̵å
¹®ÀÇÇϱâ
Á¦ ¸ñ MS Internet Explorer ½Å±Ô ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ ÁÖÀÇ - 2010-12-22
ÀÛ¼ºÀÚ Çϳª·ÎÈ£½ºÆÃ ( hosting@hhosting.co.kr ) µî·ÏÁ¤º¸ 2010-12-22 17:57:00 Á¶È¸¼ö 34266
¡à °³¿ä
o Internet ExplorerÀÇ mshtml.dll ¶óÀ̺귯¸®°¡ Àç±ÍÀûÀ¸·Î CSS @import ±ÔÄ¢À» Æ÷ÇÔÇÏ´Â À¥ ÆäÀÌÁö¸¦ ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ÀÌ ¹ß»ý [1, 3, 4, 6]
o °ø°ÝÀÚ´Â À¥ ÆäÀÌÁö Àº´Ð, ½ºÆÔ ¸ÞÀÏ, ¸Þ½ÅÀúÀÇ ¸µÅ© µîÀ» ÅëÇØ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ÄÜÅÙÆ®·Î ±¸¼ºµÈ ¾ÇÀÇÀûÀÎ À¥ »çÀÌÆ®¿¡ ¹æ¹®Çϵµ·Ï »ç¿ëÀÚ¸¦ À¯µµÇÏ¿© ¾Ç¼ºÄڵ带 À¯Æ÷ °¡´É
o ÇØ´ç Ãë¾àÁ¡ÀÇ °³³äÁõ¸íÄÚµå[2, 7]°¡ °ø°³µÇ¾úÀ¸¹Ç·Î ÀÎÅÍ³Ý »ç¿ëÀÚÀÇ ÁÖÀǰ¡ ¿ä±¸µÊ

¡à ÇØ´ç ½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î [1]
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
¡Ø ¸ðµç ¿î¿µÃ¼Á¦ÀÇ ¸ðµç Internet Explorer ¹öÀüÀÌ Ãë¾àÇÒ °ÍÀ¸·Î ÃßÁ¤
(DEP¿Í ASLR ¿ìȸ °¡´É[6])

¡à Àӽà ±Ç°í »çÇ×
o ÇöÀç ÇØ´ç Ãë¾àÁ¡¿¡ ´ëÇÑ º¸¾È¾÷µ¥ÀÌÆ®´Â ¹ßÇ¥µÇÁö ¾Ê¾ÒÀ½
o KrCERT/CC¿Í MS º¸¾È¾÷µ¥ÀÌÆ® »çÀÌÆ®[5]¸¦ ÁÖ±âÀûÀ¸·Î È®ÀÎÇÏ¿© ÇØ´ç Ãë¾àÁ¡¿¡ ´ëÇÑ
º¸¾È¾÷µ¥ÀÌÆ® ¹ßÇ¥ ½Ã ½Å¼ÓÈ÷ Ãֽо÷µ¥ÀÌÆ®¸¦ Àû¿ëÇϰųª ÀÚµ¿¾÷µ¥ÀÌÆ®¸¦ ¼³Á¤
¡Ø ÀÚµ¿¾÷µ¥ÀÌÆ® ¼³Á¤ ¹æ¹ý: ½ÃÀÛ¡æÁ¦¾îÆÇ¡æº¸¾È¼¾ÅÍ¡æÀÚµ¿¾÷µ¥ÀÌÆ®¡æÀÚµ¿(±ÇÀå) ¼±ÅÃ
o Ãë¾àÁ¡¿¡ ÀÇÇÑ ÇÇÇØ¸¦ ÁÙÀ̱â À§ÇÏ¿© »ç¿ëÀÚ´Â ´ÙÀ½°ú °°Àº »çÇ×À» ÁؼöÇØ¾ßÇÔ
- ÆÄÀϰøÀ¯ ±â´É µîÀ» »ç¿ëÇÏÁö ¾ÊÀ¸¸é ºñȰ¼ºÈ­ÇÏ°í °³ÀιæÈ­º®À» ¹Ýµå½Ã »ç¿ë
- »ç¿ëÇϰí ÀÖ´Â ¹é½ÅÇÁ·Î±×·¥ÀÇ Ãֽо÷µ¥ÀÌÆ®¸¦ À¯ÁöÇϰí, ½Ç½Ã°£ °¨½Ã±â´ÉÀ» Ȱ¼ºÈ­
- ½Å·ÚµÇÁö ¾Ê´Â À¥ »çÀÌÆ®ÀÇ ¹æ¹® ÀÚÁ¦
- Ãâó°¡ ºÒºÐ¸íÇÑ À̸ÞÀÏÀÇ ¸µÅ© Ŭ¸¯Çϰųª ÷ºÎÆÄÀÏ ¿­¾îº¸±â ÀÚÁ¦

¡à ¿ë¾î Á¤¸®
o CSS (Cascading Style Sheet) : À¥ÆäÀÌÁö¿¡ Æ÷ÇÔµÈ ¿©¹éÀ̳ª ±ÛÀÚÀÇ Å©±â ¹× »ö±ò µîÀÇ °¢Á¾ ½ºÅ¸ÀÏÀ» ±â¼úÇÏ´Â ¾ð¾î
o @import : ¿ÜºÎ CSS ÆÄÀÏÀ» ÂüÁ¶ÇÏ´Â URLÀ» ÁöÁ¤ÇÏ´Â ±ÔÄ¢
o mshtml.dll : Internet ExplorerÀÇ ÇÙ½É ¸ðµâ·Î¼­ HTML, CSS µîÀ» ó¸®ÇÔ
o DEP (Data Execution Prevention, µ¥ÀÌÅÍ ½ÇÇà ¹æÁö) : ÇÁ·Î±×·¥ÀÇ ºñ½ÇÇ࿵¿ª ¸Þ¸ð¸®¿¡¼­
Äڵ尡 ½ÇÇàµÇÁö ¾Êµµ·Ï ÇÔÀ¸·Î½á ¾Ç¼ºÄÚµå ¹× ´Ù¸¥ º¸¾È À§ÇèÀ¸·ÎºÎÅÍ ¼Õ»óµÇÁö ¾Ê°Ô ÇØÁÖ´Â º¸¾È ±â´É
o ASLR (Address Space Layout Randomization) : ÁÖ¼Ò °ø°£ ·¹À̾ƿôÀ» ºÒ±ÔÄ¢ÇÏ°Ô ¹èÄ¡ÇÏ´Â
º¸¾È ±â´É

¡à ±âŸ ¹®ÀÇ»çÇ×
o º¸¾È¾÷µ¥ÀÌÆ®´Â ¾ðÁ¦ ¹ßÇ¥µÇ³ª¿ä?
- ÇØ´ç º¸¾È¾÷µ¥ÀÌÆ®ÀÇ ¹ßÇ¥ ÀÏÁ¤Àº ¹ÌÁ¤À̳ª, ¹ßÇ¥ ½Ã KrCERT/CC ȨÆäÀÌÁö¸¦ ÅëÇØ ½Å¼ÓÈ÷ °øÁöÇÒ ¿¹Á¤ÀÔ´Ï´Ù.
o Çѱ¹ÀÎÅͳÝÁøÈï¿ø ÀÎÅͳÝÄ§ÇØ´ëÀÀ¼¾ÅÍ: ±¹¹ø¾øÀÌ 118

[Âü°í»çÀÌÆ®]
[1] http://www.vupen.com/english/advisories/2010/3156
[2] http://www.exploit-db.com/exploits/15746/
[3] http://www.breakingpointsystems.com/community/blog/ie-vulnerability/
[4] http://www.wooyun.org/bugs/wooyun-2010-0885
[5] http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=ko
[6] http://www.offensive-security.com/offsec/internet-explorer-css-0day-on-windows-7/
[7] http://www.metasploit.com/modules/exploit/windows/browser/ms11_xxx_ie_css_import
ÃÑ 173 °Ç
¹øÈ£ Á¦¸ñ µî·ÏÀÏ Á¶È¸¼ö
173 À©µµ¿ì RDP ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í 2019-05-16 32383
172 WannaCry(¿ö³ÊÅ©¶óÀÌ) ·£¼¶¿þ¾î ´ëÀÀ ¹æ¹ý ¾È³» 2017-05-15 18893
171 OpenSSL ±ä±Þ º¸¾È ¾÷µ¥ÀÌÆ® 2016-03-03 21533
170 À±ÃÊ(Leap Second) °ü·Ã ¹ö±× ³»¿ë ¹× ´ëÀÀ ¹æ¾È ¾È³» 2015-06-26 23577
169 HTTP.sys ¿ø°ÝÄÚµå ½ÇÇà Ãë¾àÁ¡ 2015-04-17 20719
168 ¸®´ª½º Ghost Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í 2015-01-29 20370
167 Apache Struts 2 ¿ø°ÝÄÚµå ½ÇÇà Ãë¾àÁ¡ º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í 2013-07-22 28902
166 ±¹³» °ø°³ À¥ °Ô½ÃÆÇ(±×´©º¸µå) º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í 2011-04-28 33738
=> MS Internet Explorer ½Å±Ô ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ ÁÖÀÇ - 2010-12-22 2010-12-22 34266
164 ±¹³» °ø°³ À¥ °Ô½ÃÆÇ(Á¦·Îº¸µå) Ãë¾àÁ¡ ÁÖÀÇ - 2010-12-22 2010-12-22 33166
163 [MS º¸¾È¾÷µ¥ÀÌÆ®]2010³â 12¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2010-12-15 2010-12-15 29895
162 ¾ÖÇà ÄüŸÀÓ Ç÷¹ÀÌ¾î º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2010-12-09 2010-12-09 25738
161 Adobe Reader/Acrobat Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í - 2010-11-17 2010-11-17 25715
160 [MS º¸¾È¾÷µ¥ÀÌÆ®]2010³â 11¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2010-11-10 2010-11-10 24787
159 Adobe Flash Player ´ÙÁß Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í - 2010-11-05 2010-11-05 25483
158 Mozilla Firefox ¹× Thunderbird º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2010-10-28 2010-10-28 25035
157 Adobe Shockwave Player ½Å±Ô Ãë¾àÁ¡ ÁÖÀÇ - 2010-10-22 2010-10-22 25147
156 [MS º¸¾È¾÷µ¥ÀÌÆ®]2010³â 10¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2010-10-13 2010-10-13 25192
  [1] [2] [3] [4] [5] [6] [7] [8] [9] [10]  
1