CVE-2016-7194, CVE-2016-7211
[º¸¾È´º½º ¹®°¡¿ë ±âÀÚ] ÇöÁö ½Ã°¢À¸·Î 10¿ù 13ÀÏ, ¿ì¸®³ª¶ó ½Ã°£À¸·Î´Â ´ë·« 13ÀÏ¿¡¼ 14ÀÏ·Î ³Ñ¾î¿À´Â ¹ã »çÀÌ¿¡ ¹Ì±¹ÀÇ National Vulnerability DatabaseÀ» ÅëÇØ ¹ßÇ¥µÈ Ãë¾àÁ¡µéÀÌ´Ù.
1. CVE-2016-7189
Microsoft EdgeÀÇ Chakra JavaScript ¿£ÁøÀÇ Ãë¾àÁ¡À¸·Î ¿ø°ÝÀÇ °ø°ÝÀÚ°¡ Á¶ÀÛµÈ À¥ »çÀÌÆ®¸¦ ÅëÇØ ÀÓÀÇÀÇ Äڵ带 ½ÇÇàÇÒ ¼ö ÀÖ°Ô ÇØÁØ´Ù. Scripting Engine Remote Code Execution Ãë¾àÁ¡À̶ó°íµµ ¾Ë·ÁÁ® ÀÖ´Ù.
2. CVE-2016-7190
Microsoft EdgeÀÇ Chakra JavaScript ¿£ÁøÀÇ Ãë¾àÁ¡À¸·Î ¿ø°ÝÀÇ °ø°ÝÀÚ°¡ Á¶ÀÛµÈ À¥ »çÀÌÆ®¸¦ ÅëÇØ ÀÓÀÇÀÇ Äڵ带 ½ÇÇàÇϰųª DoS °ø°ÝÀ» ½ÇÇàÇÒ ¼ö ÀÖ°Ô ÇØÁØ´Ù. Scripting Engine Memory Corruption Ãë¾àÁ¡À̶ó°íµµ ºÒ¸®¸ç, CVE-2016-3386, CVE-2016-3389, CVE-2016-7194°ú´Â ´Ù¸¥ Ãë¾àÁ¡ÀÌ´Ù.
3. CVE-2016-7193
Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Office Online ServerÀÇ Ãë¾àÁ¡À¸·Î ¿ø°ÝÀÇ °ø°ÝÀÚ°¡ Á¶ÀÛµÈ RTF ¹®¼¸¦ ÅëÇØ ÀÓÀÇÀÇ Äڵ带 ½ÇÇàÇÒ ¼ö ÀÖ°Ô ÇØÁØ´Ù. Microsoft Office Memory Corruption Ãë¾àÁ¡À̶ó°íµµ ¾Ë·ÁÁ® ÀÖ´Ù.
4. CVE-2016-7194
Microsoft EdgeÀÇ Chakra JavaScript ¿£ÁøÀÇ Ãë¾àÁ¡À¸·Î ¿ø°ÝÀÇ °ø°ÝÀÚ°¡ Á¶ÀÛµÈ À¥ »çÀÌÆ®¸¦ ÅëÇØ ÀÓÀÇÀÇ Äڵ带 ½ÇÇàÇϰųª DoS °ø°ÝÀ» ÇÒ ¼ö ÀÖ°Ô ÇØÁØ´Ù. Scripting Engine Memory Corruption Ãë¾àÁ¡À̶ó°íµµ ºÒ¸°´Ù. CVE-2016-3386, CVE-2016-3389, CVE-2016-7190¿Í ´Ù¸¥ Ãë¾àÁ¡ÀÌ´Ù.
5. CVE-2016-7211
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold¿Í R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607ÀÇ Ä¿³Î ¸ðµå µå¶óÀ̹ö¿¡ ÀÖ´Â Ãë¾àÁ¡À¸·Î ·ÎÄÃÀÇ »ç¿ëÀÚ°¡ Á¶ÀÛµÈ ¾ÖÇø®ÄÉÀ̼ÇÀ» ÅëÇØ ±ÇÇÑÀ» »ó½Â½Ãų ¼ö ÀÖ°Ô µÈ´Ù. Win32k Elevation of Privilege Ãë¾àÁ¡À̶ó°íµµ ºÒ¸®¸ç CVE-2016-3266, CVE-2016-3376, CVE-2016-7185¿Í´Â ´Ù¸¥ Ãë¾àÁ¡ÀÌ´Ù.
[±¹Á¦ºÎ ¹®°¡¿ë ±âÀÚ(globoan@boannews.com)]
<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(www.boannews.com) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>