IEã®DOM処ç†ã«ãŠã„ã¦ãƒªãƒ¢ãƒ¼ãƒˆã‹ã‚‰æ”»æ’ƒå¯èƒ½ãªãƒ¡ãƒ¢ãƒªç ´å£Šã®è„†å¼±æ€§ï¼ˆCVE-2011-1256,MS11-050)ã«é–¢ã™ã‚‹æ¤œè¨¼ãƒ¬ãƒãƒ¼ãƒˆ
2011/6/20
NTTデータ・セã‚ãƒ¥ãƒªãƒ†ã‚£æ ªå¼ä¼šç¤¾
辻 伸弘
å°ç”°åˆ‡ã€€ç§€æ›‰
泉田 幸å®
ã€æ¦‚è¦ã€‘
Microsoft社ã®Internet Explorer(以下 IE)ã«ã€ãƒªãƒ¢ãƒ¼ãƒˆã‹ã‚‰æ”»æ’ƒå¯èƒ½ãªãƒ¡ãƒ¢ãƒªç ´å£Šã®è„†å¼±æ€§(CVE-2011-1256)ãŒç™ºè¦‹ã•ã‚Œã¾ã—ãŸã€‚
ã“ã®è„†å¼±æ€§ã¯IEã®DOM変更処ç†ã«å˜åœ¨ã—ã¾ã™ã€‚IEãŒæ£ã—ãåˆæœŸåŒ–ã•ã‚Œã¦ã„ãªã„オブジェクトや削除ã•ã‚ŒãŸã‚ªãƒ–ジェクトを処ç†ã™ã‚‹éš›ã«ã€ãƒ¡ãƒ¢ãƒªç ´å£Šã‚’引ãèµ·ã“ã™å¯èƒ½æ€§ãŒã‚ã‚Šã¾ã™ã€‚
ã“ã®è„†å¼±æ€§ã«ã‚ˆã‚Šã€ç´°å·¥ã•ã‚ŒãŸWebページã®é–²è¦§ãªã©ã§ã€ãƒãƒ¼ã‚«ãƒ«ãƒ¦ãƒ¼ã‚¶ã¨åŒã˜æ¨©é™ãŒå¥ªå–ã•ã‚Œã‚‹å±é™ºæ€§ãŒã‚ã‚Šã¾ã™ã€‚想定ã•ã‚Œã‚‹è¢«å®³ã¨ã—ã¦ã¯ã€ãƒãƒ¼ã‚«ãƒ«ãƒ¦ãƒ¼ã‚¶æ¨©é™ã§ã®æƒ…å ±å–å¾—ã€æ”¹ã–ã‚“ã€ã¾ãŸã¯ã€ãƒ¯ãƒ¼ãƒ やスパイウェアãªã©ã®æ‚ªæ„ã‚るプãƒã‚°ãƒ©ãƒ をシステム内ã«ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã•ã‚Œã‚‹ã“ã¨ãŒè€ƒãˆã‚‰ã‚Œã¾ã™ã€‚
今回ã€ã“ã®IEã®è„†å¼±æ€§(CVE-2011-1256)ã®å†ç¾æ€§ã«ã¤ã„ã¦æ¤œè¨¼ã‚’è¡Œã„ã¾ã—ãŸã€‚
IEã®DOM処ç†ã«ãŠã„ã¦ãƒªãƒ¢ãƒ¼ãƒˆã‹ã‚‰æ”»æ’ƒå¯èƒ½ãªãƒ¡ãƒ¢ãƒªç ´å£Šã®è„†å¼±æ€§ï¼ˆCVE-2011-1256,MS11-050)ã«é–¢ã™ã‚‹æ¤œè¨¼ãƒ¬ãƒãƒ¼ãƒˆ
ã€å½±éŸ¿ã‚’å—ã‘ã‚‹ã¨ã•ã‚Œã¦ã„るアプリケーション】
ç¾åœ¨ã®ã¨ã“ã‚ã€å½±éŸ¿ã‚’å—ã‘ã‚‹å¯èƒ½æ€§ãŒå ±å‘Šã•ã‚Œã¦ã„ã‚‹ã®ã¯æ¬¡ã®é€šã‚Šã§ã™ã€‚
- Windows XP Service Pack 3 Internet Explorer 6
- Windows XP Professional x64 Edition Service Pack 2 Internet Explorer 6
- Windows Server 2003 Service Pack 2 Internet Explorer 6
- Windows Server 2003 x64 Edition Service Pack 2 Internet Explorer 6
- Windows Server 2003 with SP2 for Itanium-based Systems Internet Explorer 6
- Windows XP Service Pack 3 Internet Explorer 7
- Windows XP Professional x64 Edition Service Pack 2 Internet Explorer 7
- Windows Server 2003 Service Pack 2 Internet Explorer 7
- Windows Server 2003 x64 Edition Service Pack 2 Internet Explorer 7
- Windows Server 2003 with SP2 for Itanium-based Systems Internet Explorer 7
- Windows Vista Service Pack 1 ãŠã‚ˆã³ Windows Vista Service Pack 2 Internet Explorer 7
- Windows Vista x64 Edition Service Pack 1 ãŠã‚ˆã³ Windows Vista x64 Edition Service Pack 2 Internet Explorer 7
- Windows Server 2008 for 32-bit Systems ãŠã‚ˆã³ Windows Server 2008 for 32-bit Systems Service Pack 2 Internet Explorer 7
- Windows Server 2008 for x64-based Systems ãŠã‚ˆã³ Windows Server 2008 for x64-based Systems Service Pack 2 Internet Explorer 7
- Windows Server 2008 for Itanium-based Systems ãŠã‚ˆã³ Windows Server 2008 for Itanium-based Systems Service Pack 2 Internet Explorer 7
- Windows XP Service Pack 3 Internet Explorer 8
- Windows XP Professional x64 Edition Service Pack 2 Internet Explorer 8
- Windows Server 2003 Service Pack 2 Internet Explorer 8
- Windows Server 2003 x64 Edition Service Pack 2 Internet Explorer 8
- Windows Vista Service Pack 1 ãŠã‚ˆã³ Windows Vista Service Pack 2 Internet Explorer 8
- Windows Vista x64 Edition Service Pack 1 ãŠã‚ˆã³ Windows Vista x64 Edition Service Pack 2 Internet Explorer 8
- Windows Server 2008 for 32-bit Systems ãŠã‚ˆã³ Windows Server 2008 for 32-bit Systems Service Pack 2 Internet Explorer 8
- Windows Server 2008 for x64-based Systems ãŠã‚ˆã³ Windows Server 2008 for x64-based Systems Service Pack 2 Internet Explorer 8
- Windows 7 for 32-bit SystemsãŠã‚ˆã³ Windows 7 for 32-bit Systems Service Pack 1 Internet Explorer 8
- Windows 7 for x64-based Systems ãŠã‚ˆã³ Windows 7 for x64-based Systems Service Pack 1 Internet Explorer 8
- Windows Server 2008 R2 for x64-based Systems ãŠã‚ˆã³ Windows Server 2008 R2 for x64-based Systems Service Pack 1 Internet Explorer 8
- Windows Server 2008 R2 for Itanium-based Systems ãŠã‚ˆã³ Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Explorer 8
ã€å¯¾ç–案】
Microsoft社よりã€ã“ã®è„†å¼±æ€§ã‚’ä¿®æ£ã™ã‚‹ãƒ—ãƒã‚°ãƒ©ãƒ (MS11-050)ãŒãƒªãƒªãƒ¼ã‚¹ã•ã‚Œã¦ãŠã‚Šã¾ã™ã€‚
当該脆弱性ãŒä¿®æ£ã•ã‚ŒãŸä¿®æ£ãƒ—ãƒã‚°ãƒ©ãƒ ã‚’é©ç”¨ã—ã¦ã„ãŸã ãã“ã¨ã‚’推奨ã„ãŸã—ã¾ã™ã€‚
ã¾ãŸã€Microsoft社ã§ã¯ä»¥ä¸‹ã®å›žé¿ç–ã‚’æ示ã—ã¦ãŠã‚Šã¾ã™ã€‚ä¿®æ£ãƒ—ãƒã‚°ãƒ©ãƒ ã®é©ç”¨ãŒå›°é›£ã§ã‚ã‚‹å ´åˆã¯ã”検討下ã•ã„。
- â‘ Enhanced Mitigation Experience Toolkit (EMET) を使用ã™ã‚‹ã€‚
- â‘¡ インターãƒãƒƒãƒˆãŠã‚ˆã³ãƒãƒ¼ã‚«ãƒ« イントラãƒãƒƒãƒˆ ã‚»ã‚ュリティ ゾーンã®è¨å®šã‚’「高ã€ã«è¨å®šã—ã€ã“れらã®ã‚¾ãƒ¼ãƒ³ã§ ActiveX コントãƒãƒ¼ãƒ«ãŠã‚ˆã³ã‚¢ã‚¯ãƒ†ã‚£ãƒ– スクリプトをブãƒãƒƒã‚¯ã™ã‚‹ã€‚
- â‘¢ インターãƒãƒƒãƒˆãŠã‚ˆã³ãƒãƒ¼ã‚«ãƒ« イントラãƒãƒƒãƒˆ ã‚»ã‚ュリティ ゾーンã§ã€ã‚¢ã‚¯ãƒ†ã‚£ãƒ– スクリプトãŒå®Ÿè¡Œã•ã‚Œã‚‹å‰ã«ãƒ€ã‚¤ã‚¢ãƒã‚°ã‚’表示ã™ã‚‹ã‚ˆã†ã«è¨å®šã™ã‚‹ã€‚
- â‘£ インターãƒãƒƒãƒˆãŠã‚ˆã³ãƒãƒ¼ã‚«ãƒ« イントラãƒãƒƒãƒˆ ã‚»ã‚ュリティ ゾーンã§ã€ã‚¢ã‚¯ãƒ†ã‚£ãƒ– スクリプトã®å®Ÿè¡Œã‚’無効化ã™ã‚‹ã€‚
ã€å‚考サイト】
ã€æ¤œè¨¼ã‚¤ãƒ¡ãƒ¼ã‚¸ã€‘
ã€æ¤œè¨¼ã‚¿ãƒ¼ã‚²ãƒƒãƒˆã‚·ã‚¹ãƒ†ãƒ 】
Windows XP Professional SP3 ãŠã‚ˆã³ Internet Explorer 7(XPã¯SP3é©ç”¨ç›´å¾Œã®çŠ¶æ…‹)
ã€æ¤œè¨¼æ¦‚è¦ã€‘
ターゲットシステムã«IEを通ã˜ã¦ã€ç´°å·¥ã•ã‚ŒãŸWebページを閲覧ã•ã›ã€IEã®è„†å¼±æ€§ã‚’利用ã—ãŸæ”»æ’ƒã‚³ãƒ¼ãƒ‰ã‚’実行ã™ã‚‹ã“ã¨ã§ä»»æ„ã®ã‚³ãƒ¼ãƒ‰ã‚’実行ã•ã›ã¾ã™ã€‚
今回ã®æ¤œè¨¼ã«ç”¨ã„ãŸã‚³ãƒ¼ãƒ‰ã¯ã€ã‚¿ãƒ¼ã‚²ãƒƒãƒˆã‚·ã‚¹ãƒ†ãƒ 上ã‹ã‚‰ç‰¹å®šã®ã‚µãƒ¼ãƒã€ãƒãƒ¼ãƒˆã¸ã‚³ãƒã‚¯ã‚·ãƒ§ãƒ³ã‚’確立ã•ã›ã‚‹ã‚ˆã†ã«èª˜å°Žã—ã€ã‚·ã‚¹ãƒ†ãƒ ã®åˆ¶å¾¡ã‚’奪å–ã™ã‚‹ã‚‚ã®ã§ã™ã€‚
ã“ã‚Œã«ã‚ˆã‚Šã€ãƒªãƒ¢ãƒ¼ãƒˆã‹ã‚‰ã‚¿ãƒ¼ã‚²ãƒƒãƒˆã‚·ã‚¹ãƒ†ãƒ ã®æ“作ãŒå¯èƒ½ã¨ãªã‚Šã¾ã™ã€‚
* 誘導先ã®ã‚·ã‚¹ãƒ†ãƒ 㯠Linuxã§ã™ã€‚
ã€æ¤œè¨¼çµæžœã€‘
下図ãŒç¤ºã™ã‚ˆã†ã«ã€èª˜å°Žå…ˆã®ã‚³ãƒ³ãƒ”ュータ(Debian)上ã«ã‚¿ãƒ¼ã‚²ãƒƒãƒˆã‚·ã‚¹ãƒ†ãƒ (Windows XP)ã®ãƒ—ãƒãƒ³ãƒ—トãŒè¡¨ç¤ºã•ã‚Œã¦ã„ã¾ã™ã€‚
ã“ã‚Œã«ã‚ˆã‚Šã€ã‚¿ãƒ¼ã‚²ãƒƒãƒˆã‚·ã‚¹ãƒ†ãƒ ã®åˆ¶å¾¡ã®å¥ªå–ã«æˆåŠŸã—ãŸã¨è¨€ãˆã¾ã™ã€‚
PDF版ã®ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã¯ã“ã¡ã‚‰ã‹ã‚‰ã€€PDF版
※ å„è¦æ ¼åã€ä¼šç¤¾åã€å›£ä½“åã¯ã€ä¸€èˆ¬ã«å„社ã®å•†æ¨™ã¾ãŸã¯ç™»éŒ²å•†æ¨™ã§ã™ã€‚Tweet