2007³â 3¿ù 29ÀÏ »õ·Î¿î º¸¾ÈÃë¾àÁ¡À» ÀÌ¿ëÇÑ Æ®·ÎÀ̸ñ¸¶°¡ Áß±¹ µîÁö¿¡¼ ¹ß°ßµÇ¾î ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ ±ä±ÞÇÑ ÆÐÄ¡°¡ ÇÊ¿äÇÑ »óȲÀ̶ó°í À×Ä«ÀÎÅͳÝÀº ¹àÇû´Ù.
À̹ø¿¡ ¹ß°ßµÈ Á¾·ù´Â Animated Cursor ÆÄÀÏÀÇ ¡®Zero-Day Attack¡¯À̸ç, ¾ÆÀÌÄÜ ¹× Ä¿¼ Çü½Ä ÆÄÀÏÀÇ Ã³¸® ¹®Á¦·Î ÀÎÇÑ ¿ø°ÝÄÚµå ½ÇÇà °¡´É Ãë¾àÁ¡ÀÌ´Ù. Áö±Ý±îÁö URL ÁÖ¼Ò¸¸ ´Ù¸¥ 3°³ÀÇ »ùÇÃÀÌ ÀÔ¼öµÈ »óȲÀÌ´Ù.
ANI ÆÄÀÏÀº RIFF(Resource Interchange File Format) Çü½ÄÀ¸·Î À©µµ¿ì¿¡¼ ¸ÖƼ¹Ìµð¾î °ü·Ã µ¥ÀÌÅÍ µîÀ» ÀúÀåÇϱâ À§ÇØ ¸¸µé¾îÁø ÆÄÀÏ Æ÷¸ËÀ¸·Î AVI, WAV µîÀÇ ¹Ìµð¾î ÆÄÀÏ¿¡¼µµ ´Ù¾çÇÏ°Ô »ç¿ëµÇ°í ÀÖ´Ù.
¾ÇÀÇÀûÀÎ ANI ÆÄÀÏÀº Ãë¾àÇÑ À¥ »çÀÌÆ®¿Í ÀüÀÚ¿ìÆí ¸Þ½ÃÁö µîÀ» ÅëÇؼ À¯Æ÷µÇ¸ç, ÀÎÅÍ³Ý »ç¿ëÀÚ°¡ ÇØ´ç À¥ ÆäÀÌÁö³ª »çÀÌÆ®¸¦ ¹æ¹® ½Ã Exploit Äڵ尡 Æ÷ÇÔµÈ ANI ÆÄÀÏÀÌ ½ÇÇàµÇ°í, ÄÚµå ³»ºÎ¿¡ Æ÷ÇÔÇÏ°í ÀÖ´Â URL¿¡ ÀÇÇÏ¿© ¶Ç ´Ù¸¥ ¾Ç¼ºÄڵ带 »ç¿ëÀÚ ¸ô·¡ ¼³Ä¡ÇÏ°Ô µÇ´Â ¹æ½ÄÀ» ÀÌ¿ëÇÏ°Ô µÈ´Ù.
ÇöÀç ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»ç¿¡¼´Â ¾Æ·¡¿Í °°ÀÌ 2007³â 3¿ù 29ÀÏÀÚ·Î Security Advisory¸¦ ¹ßÇ¥ÇÑ »óÅÂÀÌ´Ù.
Microsoft Security Advisory (935423)
Vulnerability in Windows Animated Cursor Handling
http://www.microsoft.com/technet/security/advisory/935423.mspx
¿µÇâÀ» ¹Þ´Â ¿î¿µÃ¼Á¦´Â ¾Æ·¡¿Í °°ÀÌ ¹ßÇ¥µÇ¾ú´Ù.
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Vista
¹ß°ßµÈ ANI ÆÄÀÏ·Î ÀÎÇÏ¿© ´Ù¿î·Îµå°¡ ½ÃµµµÇ´Â ÆÄÀÏÀº Áß±¹ÀÇ Æ¯Á¤ »çÀÌÆ®¿¡ Á¸ÀçÇϸç, Viking º¯Á¾ ¹ÙÀÌ·¯½º¿¡ ÀÇÇØ ÆÄÀÏÀÌ °¨¿°µÈ´Ù.
|
