Infomation
인터넷 익스플로러 취약 발표.
Hanlee79
2010. 2. 4. 10:28
블랙햇 DC 2010에서 인터넷 익스플로러를 이용해 사용자의 컴퓨터 파일을
빼내는 것을 발표 되었습니다.
Read the paper :
http://www.coresecurity.com/files/attachments/Abusing_insecure_features_of_Internet_Explorer.pdf
View the slide presentation :
http://www.coresecurity.com/files/attachments/BHDC2010.pdf
CoreLabs advisory :
http://www.coresecurity.com/content/internet-explorer-dynamic-object-tag
이 취약점에 약한 패키지들 입니다.
Internet Explorer 5.01 SP4 on Windows 2000 sp4
Internet Explorer 6sp1 on Windows 2000 sp4
Internet Explorer 6sp2 on Windows XP sp2
Internet Explorer 6sp2 on Windows XP sp3
Internet Explorer 7 on Windows XP sp2
Internet Explorer 7 on Windows XP sp3
Internet Explorer 7 on Windows Vista sp1
Internet Explorer 7 on Windows Vista sp2
Internet Explorer 7 on Windows Server 2003 sp2 if Protected Mode if OFF and not using Enhanced Security Configuration
Internet Explorer 7 on Windows Server 2008 if Protected Mode if OFF and not using Enhanced Security Configuration
Internet Explorer 8 on Windows XP sp2
Internet Explorer 8 on Windows XP sp3
Internet Explorer 8 on Windows Vista sp1 if Protected Mode if OFF
Internet Explorer 8 on Windows Vista sp2 if Protected Mode is OFF
Internet Explorer 8 on Windows 7 if Protected Mode if OFF
Internet Explorer 8 on Windows Server 2003 sp2 if Protected Mode if OFF and not using Enhanced Security Configuration
Internet Explorer 8 on Windows Server 2008 R2 if Protected Mode if OFF and not using Enhanced Security Configuration