83, 1/5 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   sjh21a
   http://kernelhack.co.kr
   [Á¤º¸] MS Internet Explorer XML Parsing Remote Buffer overflow zer0-day

http://www.hackerschool.org/HS_Boards/zboard.php?id=HS_Notice&no=1170881860 [º¹»ç]


MS ÀÇ ÀÎÅÍ³Ý ÀͽºÇ÷η¯ 7.0 ¹öÀü¿¡¼­ XML Çڵ鸵 ½Ã,

¿ø°ÝÀ¸·Î °ø°Ý Äڵ带 ½ÇÇà ½Ãų ¼ö ÀÖ´Â Ãë¾àÁ¡ÀÌ ¹ß°ß µÇ¾ú½À´Ï´Ù.

°ø°ÝÀÚ´Â °ø°Ý ¼º°ø½Ã ÇØ´ç ½Ã½ºÅÛ¿¡ ¿øÇÏ´Â °ø°Ý Äڵ带 ½ÇÇà ½Ãų ¼ö ÀÖ½À´Ï´Ù.

ÀÓ½ÃÀûÀÎ ÆÐÄ¡·Î´Â Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ´Â oledb32.dll ÆÄÀÏÀ» ºñÈ°¼º ½ÃÅ°´Â °É·Î ÇØ°á ÇÒ ¼ö ÀÖ½À´Ï´Ù.

ÀÚ½ÅÀÇ PC°¡ À§ Ãë¾àÁ¡¿¡ °ø°Ý ´çÇÒ °¡´É¼ºÀÌ ÀÖ´ÂÁö, ¾Æ´ÑÁö ÆÇ´Ü Çغ¸½Ã·Á¸é

¾Æ·¡ÀÇ URL ·Î Á¢¼ÓÇØ º¸½Ã¸é µË´Ï´Ù.

http://research.hackerschool.org/JUST_TESTS/xml.html

Á¢¼Ó½Ã, ¿¡·¯ ¸Þ½ÃÁö¿Í IE°¡ Á¾·á µÇ¸é Ãë¾àÇÑ »óÅ ÀÔ´Ï´Ù.

¾Æ·¡ÀÇ Àӽà ÆÐÄ¡¸¦ ÇØÁֽøé, Á¾·á°¡ µÇÁö ¾Ê½À´Ï´Ù.

"½ÃÀÛ -> ½ÇÇà" ÈÄ ¾Æ·¡ ³»¿ë ÀÔ·Â.

Regsvr32.exe /u "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll"


Â÷ÈÄ¿¡ MS Ãø¿¡¼­ ÆÐÄ¡°¡ ³ª¿À¸é ¾Æ·¡ÀÇ ¸í·ÉÀ¸·Î oledb32.dll À» ´Ù½Ã µî·Ï ½ÃÄÑ ÁÖ½Ã¸é µË´Ï´Ù.

Regsvr32.exe "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll"


Âü°í¹®¼­

http://www.securityfocus.com/bid/32721
  Hit : 9090     Date : 2008/12/17 05:01


    
wadeco ¾È²¨Áö°í ¿¢¹ÚÀÌ¸é ±¦ÂúÀº°Ç°¡... 2008/12/18  
operet Àü ´ÙÇàÈ÷µµ, ³ëÅÏ ÀÎÅͳݽÃÅ¥¸®Æ¼°¡ ¸·¾ÆÁÖ³×¿ä ¤¾¤¾ 2008/12/21  
cydstyle Àúµµ ³ëÅÏÀÌ..¤»¤» 2008/12/30  
dkdkfjgh ±Û°Ô¿ä ¿¢¹ÚÀε¥... 2009/01/05  
¶Ë¸¶·ç ¤¾..Àü ¾Æ¹«°ÍµÎ ¾È¶á´Ù´Â.. 2009/01/10  
¾çÆÄ <b>Glob</b> 2009/03/09  
eraseZEROne Internet Explorer ´©Àû º¸¾È ¾÷µ¥ÀÌÆ® (958215)
https://docs.microsoft.com/ko-kr/security-updates/securitybulletins/2008/ms08-073		 2019/01/06  
83   [°øÁö] ºÒ¹ý °Ô½Ã¹°¿¡ ´ëÇÑ Á¶Ä¡ °èȹÀÔ´Ï´Ù.[12]     ¸Û¸Û
 01/21 10424
82   2017³â ÄÚµå°ÔÀÌÆ® ÁÖ´Ï¾Æ ¹ßÇ¥ÀÚ ¸ðÁýÀ» ÁøÇàÇÕ´Ï´Ù.[8]     ¸Û¸Û
 12/27 7834
81   2016 ÄÚµå°ÔÀÌÆ® ÁִϾî ÄÁÆÛ·±½º ¹ßÇ¥ÀÚ¸¦ ¸ðÁýÇÕ´Ï´Ù.[1]     ¸Û¸Û
 03/13 8091
80   2015 ÄÚµå°ÔÀÌÆ® ÁִϾî ÄÁÆÛ·±½º ¹ßÇ¥ÀÚ¸¦ ¸ðÁýÇÕ´Ï´Ù.[2]     ¸Û¸Û
 01/23 10713
79   2014 ÄÚµå°ÔÀÌÆ® ÁÖ´Ï¾î ¹ßÇ¥ÀÚ¸¦ ¸ðÁýÇÕ´Ï´Ù.[2]     ¸Û¸Û
 01/15 10264
78   2013³â µ¿°è ÇÙÄ· ³¯Â¥ & ¹ßÇ¥ÀÚ ¸ðÁý[26]     ¸Û¸Û
 01/10 13152
77   [°øÁö] ÇØÄ¿½ºÄð ¼¼¹Ì³ª - C¾ð¾î Æ÷ÀÎÅÍ Æ¯°­ ¾È³»ÀÔ´Ï´Ù.[6]     ¸Û¸Û
 01/10 12846
76   [ÇØÅ·´ëȸ] Á¦ 2ȸ ÃʵîÇлý CTF°¡ °³Ãֵ˴ϴÙ.[25]     ¸Û¸Û
 10/22 12127
75   [ÇØÅ·´ëȸ] Á¦ 2ȸ ¿©¼º CTF°¡ °³Ãֵ˴ϴÙ.[5]     ¸Û¸Û
 10/22 9756
74   Á¦ 6ȸ ÇØÅ·Ä·ÇÁ Âü°¡½ÅûÀ» ¹Þ½À´Ï´Ù.[32]     ¸Û¸Û
 08/13 11391
73   »çÀÌÆ® °ø»çÁßÀÔ´Ï´Ù.[16]     ¸Û¸Û
 07/13 10237
72   °£´ÜÇÑ µðÀÚÀÎ ÄÁÅ×½ºÆ®(?) ÁøÇàÇÕ´Ï´Ù. [12]     ¸Û¸Û
 07/13 8979
71   7¿ù 28~29ÀÏ JFF ÇØÅ·´ëȸ season2!![8]     ¸Û¸Û
 07/13 9421
70   ÇØÄð ¼¼¹Ì³ª - AVR ÇÁ·Î±×·¡¹ÖÆí[10]     ¸Û¸Û
 04/11 11817
69   [°øÁö] ¡°ÄÚµå°ÔÀÌÆ® ƼÄÏÀ» Àâ¾Æ¶ó¡± À̺¥Æ®[3]     ¸Û¸Û
 03/28 9509
68   ½º¸¶Æ®Æù(¾Èµå·ÎÀ̵å) ÇØÅ· ±×·ì½ºÅ͵ð ¸â¹ö ¸ðÁýÇÕ´Ï´Ù[18]     ¸Û¸Û
 02/24 11565
67   Á¦ 5ȸ ÇØÅ·Ä·ÇÁ ¼±¹ßÀÚ ¸ñ·ÏÀÔ´Ï´Ù.[26]     ¸Û¸Û
 02/10 11115
66   Á¦ 5ȸ ÇØÅ·Ä·ÇÁ Âü°¡ÀÚ ¸ðÁýÀ» ½ÃÀÛÇÕ´Ï´Ù.[17]     ¸Û¸Û
 01/29 9644
65   [°øÁö] Ãʵù&¿©¼º CTF °á°úÀÔ´Ï´Ù[12]     ¸Û¸Û
 11/16 12719
64   ÇØÄð °ø°³¼¼¹Ì³ª - Çϵå¿þ¾î ÇØÅ· ±âÃÊ (ÀçÁøÇà)[13]     ¸Û¸Û
 10/18 13369
1 [2][3][4][5]

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org