22015, 1/1101 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   ¸Û¸Û
   http://www.hackerschool.org
   RTF Æ÷¸Ë¿¡¼­ÀÇ ½Å±ÔÃë¾àÁ¡

http://www.hackerschool.org/HS_Boards/zboard.php?AllArticle=true&no=23653 [º¹»ç]


[POC ÄÚµå]
http://www.exploit-db.com/exploits/18780/

[°ü·Ã Æ÷½ºÆÃ]
http://contagiodump.blogspot.com.es/2012/04/cve2012-0158-south-china-sea-insider.html

[RTF ¸í¼¼¼­]
http://msdn.microsoft.com/en-us/library/aa140277%28v=office.10%29.aspx

[OLE »ðÀԺκÐ]
http://msdn.microsoft.com/en-us/library/aa140283(v=office.10).aspx#rtfspec_25

[ÆÐÄ¡Á¤º¸]
http://technet.microsoft.com/en-us/security/bulletin/ms12-027


Ãë¾àÁ¡ÀÌ ¹ß°ßµÈÁö´Â 2ÁÖÁ¤µµ µÈ °Í °°°í, ¿À´Ã metasploit¿¡ Ãß°¡µÇ¾ú³×¿ä

¿ÀÇǽº ¿öµå³ª ¿öµåÆе带 ¿­¾î¼­ ¸Þ´º ¾ÆÀÌÄܵéÀ» º¸¸é "°³Ã¼»ðÀÔ"À̶ó´Â Ç׸ñÀÌ º¸À̴µ¥,
À̸¦ ÅëÇؼ­ Ãë¾àÁ¡ÀÌ ÀÖ´Â ActiveX¸¦ »ðÀÔÇÑ °ø°Ý¹æ½ÄÀÔ´Ï´Ù.

Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ´Â ActiveX´Â MSCOMCTL.OCXÀÌ°í¿ä, Visual Studio³ª ¿ÀÇǽº¿¡ µþ¸° °ÉÁÙ ¾Ë¾Ò´Âµ¥
À©µµ¿ì¿¡ ±âº»À¸·Î ¼³Ä¡µÇ¾îÀֱ⵵ ÇÑ ÆÄÀÏÀ̳׿ä.
À̸§Àº "Microsoft Windows Common Controls 6.0 (SP6)" ÀÔ´Ï´Ù

ActiveX¶ó°íÇؼ­ À¥¿¡¼­ ÀÚ¹Ù½ºÅ©¸³Æ®³ª ºñº£½ºÅ©¸³Æ®·Î ½ÇÇàÇÏ´Â °ø°Ý¹æ½ÄÀÌ ¾Æ´Ñ,
ÀÌ Ãë¾àÇÑ ActiveX¸¦ RTF¿¡ embedded ½ÃÄѼ­ °ø°ÝÇÏ´Â ¹æ½ÄÀÔ´Ï´Ù.
¾ê¸¦ À¥¿¡¼­ È£ÃâÇÏ·Á°íÇÏ¸é ±ÇÇѹ®Á¦·Î ³ë¶õ °æ°íâÀÌ ¶ã °Ì´Ï´Ù.
¸¸¾à À¥¿¡¼­µµ ½ÇÇà °¡´ÉÇÑ ActiveX¿´´Ù¸é ¹®Á¦°¡ ´õ Ä¿Á³¾ú°ÚÁÒ..

Ãë¾àÁ¡ÀÇ ¿ø¸®´Â ½ºÅñâ¹Ý ¹öÆÛ ¿À¹öÇ÷οìÀÌ°í¿ä,
MSCOMCTL.OCX ³»ÀÇ ListView ȤÀº TreeView ÄÁÆ®·Ñ¿¡¼­ ¹ß»ýÇÑ´Ù°í Çϳ׿ä.

MS¿¡¼± ÆÐÄ¡¿¡ ´ëÇÑ ÀӽùæÆíÀ¸·Î ¹®Á¦ÀÇ activex¿¡ ´ëÇÑ kill bit Àû¿ëÇ϶ó°íÇϴµ¥..
¿¨ Á» ÀÌ»óÇϳ׿ä IE¸¦ °ø°ÝÇÏ´Â °ÍÀÌ ¾Æ´Ñµ¥? =_=
ÃֽŠ¾÷µ¥ÀÌÆ®¸¦ ¹Þ´Â °Ô °¡Àå È®½ÇÇÒ °Í °°½À´Ï´Ù.
  Hit : 7829     Date : 2012/04/26 11:54


    
dkdkfjgh À½.... POC ³ª¿ÔÀ¸´Ï, °ø°ÝÀÌ ¼ºÇàÇÏ°Ú±º¿ä.... ±×¸®°í MSÀÇ ¶«Áú ¾Æ´Ñ ¶«Áú... 2012/05/02