| ¹øÈ£ | µî·ÏÀÏ | Á¦¸ñ | ||
|---|---|---|---|---|
| 34 | 2010.01.22 | [±ä±Þ] [MS10-002]Internet Explorer(IE) °ü·Ã MS ºñÁ¤±â ±ä±Þ º¸¾ÈÆÐÄ¡ °øÁö |
[MS10-002] Internet Explorer ´©Àû º¸¾È ¾÷µ¥ÀÌÆ®
1.¼³¸í
- Internet Explorer°¡ ÃʱâÈ µÇÁö ¾Ê°Å³ª »èÁ¦µÈ ¸Þ¸ð¸® °´Ã¼¿¡ Á¢±ÙÇÏ´Â °úÁ¤¿¡¼ ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ÀÌ ¹ß»ýÇÕ´Ï´Ù.
- XSS(Å©·Î½º»çÀÌÆ®½ºÅ©¸³ÆÃ) ÇÊÅ͸µ ¹× URL À¯È¿¼º °ËÁõ °úÁ¤¿¡¼ Á¤º¸³ëÃâ ¹× ¿ø°ÝÄÚµå ½ÇÇà Ãë¾àÁ¡ÀÌ ¹ß»ýÇÕ´Ï´Ù.
¡Ø XSS(Cross Site Scripting : Å©·Î½º »çÀÌÆ® ½ºÅ©¸³ÆÃ) : °Ô½ÃÆÇ ¶Ç´Â À¥ÆäÀÌÁö¿¡ ¾ÇÀÇÀûÀ¸·Î »ðÀÔµÈ ½ºÅ©¸³Æ®°¡
ÇØ´ç °Ô½Ã¹° ¶Ç´Â À¥ÆäÀÌÁö ¹æ¹®½Ã ½ÇÇàµÇµµ·Ï ÇÏ´Â °ø°Ý ÇüÅÂ
- °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ À¥ ÆäÀÌÁö¸¦ ¿µµ·Ï À¯µµÇÔ. °ø°ÝÀÌ ¼º°øÇÏ¸é °ø°ÝÀÚ´Â ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ
±ÇÇÑ È¹µæ °¡´É ÇÒ ¼ö ÀÖ½À´Ï´Ù.
- °ü·Ã Ãë¾àÁ¡ :
- XSS Filter Script Handling Vulnerability - CVE-2009-4074
- URL Validation Vulnerability - CVE-2010-0027
- Uninitialized Memory Corruption Vulnerability - CVE-2010-0244
- Uninitialized Memory Corruption Vulnerability - CVE-2010-0245
- Uninitialized Memory Corruption Vulnerability - CVE-2010-0246
- Uninitialized Memory Corruption Vulnerability - CVE-2010-0247
- HTML Object Memory Corruption Vulnerability - CVE-2010-0248
- HTML Object Memory Corruption Vulnerability - CVE-2010-0249
2. ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Internet Explorer 5.01 SP4 on Microsoft Windows 2000 SP4
- Internet Explorer 6 SP1 on Microsoft Windows 2000 SP4
- Internet Explorer 6 on Windows XP SP2, SP3
- Internet Explorer 6 on Windows XP Professional x64 Edition SP2
- Internet Explorer 6 on Windows Server 2003 SP2
- Internet Explorer 6 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 6 on Windows Server 2003 SP2 for Itanium-based Systems
- Internet Explorer 7 on Windows XP SP2, SP3
- Internet Explorer 7 on Windows XP Professional x64 Edition SP2
- Internet Explorer 7 on Windows Server 2003 SP2
- Internet Explorer 7 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 7 on Windows Server 2003 SP2 for Itanium-based Systems
- Internet Explorer 7 on Windows Vista, SP1, SP2
- Internet Explorer 7 on Windows Vista x64 Edition, SP1, SP2
- Internet Explorer 7 on Windows Server 2008 for 32-bit Systems, SP2
- Internet Explorer 7 on Windows Server 2008 for x64-based Systems, SP2
- Internet Explorer 7 on Windows Server 2008 for Itanium-based Systems, SP2
- Internet Explorer 8 on Windows XP SP2, SP3
- Internet Explorer 8 on Windows XP Professional x64 Edition SP2
- Internet Explorer 8 on Windows Server 2003 SP2
- Internet Explorer 8 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 8 on Windows Vista, SP1, SP2
- Internet Explorer 8 on Windows Vista x64 Edition, SP1, SP2
- Internet Explorer 8 on Windows Server 2008 for 32-bit Systems, SP2
- Internet Explorer 8 on Windows Server 2008 for x64-based Systems, SP2
- Internet Explorer 8 on Windows Server 2008 for Itanium-based Systems, SP2
- Internet Explorer 8 on Windows Server 2008 R2 for x64-based Systems
- Internet Explorer 8 on Windows Server 2008 R2 for Itanium-based Systems
- Internet Explorer 8 on Windows 7 for 32-bit Systems
- Internet Explorer 8 on Windows 7 for x64-based Systems
3. ÇØ°á¹æ¾È
- ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
4. ÂüÁ¶ »çÀÌÆ®
- ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS10-002.mspx
- ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-002.mspx
