83, 3/5 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   sjh21a
   http://kernelhack.co.kr
   [Á¤º¸] MS Internet Explorer XML Parsing Remote Buffer overflow zer0-day

http://www.hackerschool.org/HS_Boards/zboard.php?id=HS_Notice&no=1170881860 [º¹»ç]


MS ÀÇ ÀÎÅÍ³Ý ÀͽºÇ÷η¯ 7.0 ¹öÀü¿¡¼­ XML Çڵ鸵 ½Ã,

¿ø°ÝÀ¸·Î °ø°Ý Äڵ带 ½ÇÇà ½Ãų ¼ö ÀÖ´Â Ãë¾àÁ¡ÀÌ ¹ß°ß µÇ¾ú½À´Ï´Ù.

°ø°ÝÀÚ´Â °ø°Ý ¼º°ø½Ã ÇØ´ç ½Ã½ºÅÛ¿¡ ¿øÇÏ´Â °ø°Ý Äڵ带 ½ÇÇà ½Ãų ¼ö ÀÖ½À´Ï´Ù.

ÀÓ½ÃÀûÀÎ ÆÐÄ¡·Î´Â Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ´Â oledb32.dll ÆÄÀÏÀ» ºñÈ°¼º ½ÃÅ°´Â °É·Î ÇØ°á ÇÒ ¼ö ÀÖ½À´Ï´Ù.

ÀÚ½ÅÀÇ PC°¡ À§ Ãë¾àÁ¡¿¡ °ø°Ý ´çÇÒ °¡´É¼ºÀÌ ÀÖ´ÂÁö, ¾Æ´ÑÁö ÆÇ´Ü Çغ¸½Ã·Á¸é

¾Æ·¡ÀÇ URL ·Î Á¢¼ÓÇØ º¸½Ã¸é µË´Ï´Ù.

http://research.hackerschool.org/JUST_TESTS/xml.html

Á¢¼Ó½Ã, ¿¡·¯ ¸Þ½ÃÁö¿Í IE°¡ Á¾·á µÇ¸é Ãë¾àÇÑ »óÅ ÀÔ´Ï´Ù.

¾Æ·¡ÀÇ Àӽà ÆÐÄ¡¸¦ ÇØÁֽøé, Á¾·á°¡ µÇÁö ¾Ê½À´Ï´Ù.

"½ÃÀÛ -> ½ÇÇà" ÈÄ ¾Æ·¡ ³»¿ë ÀÔ·Â.

Regsvr32.exe /u "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll"


Â÷ÈÄ¿¡ MS Ãø¿¡¼­ ÆÐÄ¡°¡ ³ª¿À¸é ¾Æ·¡ÀÇ ¸í·ÉÀ¸·Î oledb32.dll À» ´Ù½Ã µî·Ï ½ÃÄÑ ÁÖ½Ã¸é µË´Ï´Ù.

Regsvr32.exe "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll"


Âü°í¹®¼­

http://www.securityfocus.com/bid/32721

  Hit : 9022     Date : 2008/12/17 05:01



    
wadeco ¾È²¨Áö°í ¿¢¹ÚÀÌ¸é ±¦ÂúÀº°Ç°¡... 2008/12/18  
operet Àü ´ÙÇàÈ÷µµ, ³ëÅÏ ÀÎÅͳݽÃÅ¥¸®Æ¼°¡ ¸·¾ÆÁÖ³×¿ä ¤¾¤¾ 2008/12/21  
cydstyle Àúµµ ³ëÅÏÀÌ..¤»¤» 2008/12/30  
dkdkfjgh ±Û°Ô¿ä ¿¢¹ÚÀε¥... 2009/01/05  
¶Ë¸¶·ç ¤¾..Àü ¾Æ¹«°ÍµÎ ¾È¶á´Ù´Â.. 2009/01/10  
¾çÆÄ <b>Glob</b> 2009/03/09  
eraseZEROne Internet Explorer ´©Àû º¸¾È ¾÷µ¥ÀÌÆ® (958215)
https://docs.microsoft.com/ko-kr/security-updates/securitybulletins/2008/ms08-073
2019/01/06  
43   [°øÁö] º¸¾È ¼Ò½ÄÅë ÀÛ¼º ±ÇÇÑ º¯°æ ¾È³»[2]     ¸Û¸Û
08/15 6747
42   [°øÁö] Á¦ 2ȸ ÇØÄð °ø°³ ¼¼¹Ì³ª ¾È³»ÀÔ´Ï´Ù.[2]     ¸Û¸Û
08/11 6752
41   [°øÁö] ¿¬±¸¼Ò 1Â÷ ÇÕ°ÝÀÚ ¹ßÇ¥ ¾È³»ÀÔ´Ï´Ù.[12]     ¸Û¸Û
06/10 9519
40   [Á¤º¸] Protect yourself in the Web ¼¼¹Ì³ª ¾È³»ÀÔ´Ï´Ù.[8]     ¸Û¸Û
05/12 8138
39   [°øÁö] ¿¬±¸¼Ò 4±â ¸â¹ö ¸ðÁý ±â°£ ¿¬ÀåÇÕ´Ï´Ù.[9]     ¸Û¸Û
05/09 8488
38   ÄÚµå°ÔÀÌÆ® Ƽ¼ÅÃ÷ ÀÜ·® óºÐÇÕ´Ï´Ù. (¿¹Á¤) -> Ãë¼Ò[41]     ¸Û¸Û
04/29 9136
37   ¿øÁ¤´ë ½ÃÀÛÇϽô ºÐµé Âü°íÇϼ¼¿ä~[4]     ¸Û¸Û
02/26 9524
36   BOF ¿øÁ¤´ë ÇöÀç ½ºÄÚ¾î (5/3ÀÏ ¾÷µ¥ÀÌÆ®)[25]     ¸Û¸Û
02/26 17411
35   BOF ¿øÁ¤´ë Ãâ¹ßÇÕ´Ï´Ù![17]     ¸Û¸Û
02/26 11356
34   ÇØÄð BOF(Buffer Overflow) ¿øÁ¤´ë ¸ðÁý![33]     ¸Û¸Û
02/26 12294
33   [°øÁö] ÇØÄðƼ À̺¥Æ®.![52]     ¸Û¸Û
02/24 8283
32   [°øÁö] ÇØÄð ¼­ºñ½º ¾÷µ¥ÀÌÆ®[8]     ¸Û¸Û
02/05 7333
31   [°øÁö] ÇØÅ· Ä·ÇÁ ÃÖÁ¾ ¼±¹ß °ü·Ã ³»¿ëÀÔ´Ï´Ù.[2]     ¸Û¸Û
01/26 6996
30   [°øÁö] ÇØÅ· Ä·ÇÁ Âü°¡ÀÚ ÃÖÁ¾ ¼±¹ß °ü·Ã °øÁöÀÔ´Ï´Ù.[9]     ¸Û¸Û
01/22 7054
29   [°øÁö] DDoS ¾Ç¼ºÄÚµå Ä¡·á ÇÁ·Î±×·¥ÀÔ´Ï´Ù.[28]     ¸Û¸Û
07/09 10670
28   [Á¤º¸] FreeBSD 7.0-RELEASE ÅÚ³Ý µ¥¸ó ³»ºÎ ±ÇÇÑ »ó½Â Ãë¾àÁ¡ (¿ø°Ý °ø°Ý °¡´É)[6]     sjh21a
02/20 11664
  [Á¤º¸] MS Internet Explorer XML Parsing Remote Buffer overflow zer0-day[7]     sjh21a
12/17 9021
26   [°øÁö] BOF ´ñ±Û ´Þ±â À̺¥Æ® °á°úÀÔ´Ï´Ù.[12]     ¸Û¸Û
11/19 7877
25   [Á¤º¸] ½Å±Ô Windows Ãë¾àÁ¡ ÆÐÄ¡ ¾È³»ÀÔ´Ï´Ù.[15]     ¸Û¸Û
10/26 9569
24   [°øÁö] ÇØÄð¼¥À» ¿ÀÇÂÇÕ´Ï´Ù.[18]     ¸Û¸Û
10/13 11918
[1][2] 3 [4][5]

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org