[MS10-018] Internet Explorer 누적 보안 업데이트
□ 영향
o 공격자가 영향 받는 시스템에 대해 완전한 권한 획득
□ 설명
o Internet Explorer가 초기화 되지 않거나 삭제된 메모리 객체에 접근하는 과정에서
원격코드실행 취약점이 발생함
o 공격자는 특수하게 조작된 웹 페이지를 이용자들이 열어보도록 유도하여 악성코드를
감염시키는데 해당 취약점을 악용함
o 관련취약점 :
- Uninitialized Memory Corruption Vulnerability - CVE-2010-0267
- Post Encoding Information Disclosure Vulnerability - CVE-2010-0488
- Race Condition Memory Corruption Vulnerability - CVE-2010-0489
- Uninitialized Memory Corruption Vulnerability - CVE-2010-0490
- HTML Object Memory Corruption Vulnerability - CVE-2010-0491
- HTML Object Memory Corruption Vulnerability - CVE-2010-0492
- HTML Element Cross-Domain Vulnerability - CVE-2010-0494
- Memory Corruption Vulnerability - CVE-2010-0805
- Uninitialized Memory Corruption Vulnerability - CVE-2010-0806
- HTML Rendering Memory Corruption Vulnerability - CVE-2010-0807
o 영향 : 원격코드실행
o 중요도 : 긴급
□ 해당시스템
o 영향 받는 소프트웨어
- Internet Explorer 5.01 SP4 on Microsoft Windows 2000 SP4
- Internet Explorer 6 SP1 on Microsoft Windows 2000 SP4
- Internet Explorer 6 on Windows XP SP2, SP3
- Internet Explorer 6 on Windows XP Professional x64 Edition SP2
- Internet Explorer 6 on Windows Server 2003 SP2
- Internet Explorer 6 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 6 on Windows Server 2003 SP2 for Itanium-based Systems
- Internet Explorer 7 on Windows XP SP2, SP3
- Internet Explorer 7 on Windows XP Professional x64 Edition SP2
- Internet Explorer 7 on Windows Server 2003 SP2
- Internet Explorer 7 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 7 on Windows Server 2003 SP2 for Itanium-based Systems
- Internet Explorer 7 on Windows Vista, SP1, SP2
- Internet Explorer 7 on Windows Vista x64 Edition, SP1, SP2
- Internet Explorer 7 on Windows Server 2008 for 32-bit Systems, SP2
- Internet Explorer 7 on Windows Server 2008 for x64-based Systems, SP2
- Internet Explorer 7 on Windows Server 2008 for Itanium-based Systems, SP2
- Internet Explorer 8 on Windows XP SP2, SP3
- Internet Explorer 8 on Windows XP Professional x64 Edition SP2
- Internet Explorer 8 on Windows Server 2003 SP2
- Internet Explorer 8 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 8 on Windows Vista, SP1, SP2
- Internet Explorer 8 on Windows Vista x64 Edition, SP1, SP2
- Internet Explorer 8 on Windows Server 2008 for 32-bit Systems, SP2
- Internet Explorer 8 on Windows Server 2008 for x64-based Systems, SP2
- Internet Explorer 8 on Windows Server 2008 for Itanium-based Systems, SP2
- Internet Explorer 8 on Windows 7 for 32-bit Systems
- Internet Explorer 8 on Windows 7 for x64-based Systems
□ 해결책
o 해당 시스템에 대한 마이크로소프트사의 취약점 패치 적용