울지않는벌새 : Security, Movie & Society

Update: Adobe Reader & Adobe Acrobat 9.4

Adobe has released patches for 23 security vulnerabilities found in its PDF document products, Adobe Reader and Adobe Acrobat.

In particular, this security patch covers CVE-2010-2883, a vulnerability that is currently being widely used by malware, so anyone using these products should be sure to update to the latest version.

For reference, the vulnerabilities drawing the most attention in this security patch are CVE-2010-2883, mentioned in security advisory APSB10-02, and CVE-2010-2884, which is related to Adobe Flash Player.

[Affected software]

Adobe Reader 9.3.4 and earlier versions (Windows, Macintosh, UNIX)
Adobe Acrobat 9.3.4 and earlier versions (Windows, Macintosh)

Users of Adobe Reader 9.3.4 or earlier should be sure to update to the latest version, Adobe Reader 9.4, and users of Adobe Acrobat 9.3.4 or earlier should update to Adobe Acrobat 9.4.

This security patch resolves the following vulnerabilities:

  1. CVE-2010-2883 : This update resolves a font-parsing input validation vulnerability that could lead to code execution
  2. CVE-2010-2884 : This update resolves a memory corruption vulnerability in the authplay.dll component that could lead to code execution
  3. CVE-2010-2887 : This update resolves multiple potential Linux-only privilege escalation issues
  4. CVE-2010-2888 : This update resolves multiple input validation errors that could lead to code execution (Windows, ActiveX only)
  5. CVE-2010-2889 : This update resolves a font-parsing input validation vulnerability that could lead to code execution
  6. CVE-2010-2890 : This update resolves a memory corruption vulnerability that could lead to code execution
  7. CVE-2010-3619 : This update resolves a memory corruption vulnerability that could lead to code execution
  8. CVE-2010-3620 : This update resolves an image-parsing input validation vulnerability that could lead to code execution
  9. CVE-2010-3621 : This update resolves a memory corruption vulnerability that could lead to code execution
  10. CVE-2010-3622 : This update resolves a memory corruption vulnerability that could lead to code execution
  11. CVE-2010-3623 : This update resolves a memory corruption vulnerability that could lead to code execution (Macintosh platform only)
  12. CVE-2010-3624 : This update resolves an image-parsing input validation vulnerability that could lead to code execution (Macintosh platform only)
  13. CVE-2010-3625 : This update resolves a prefix protocol handler vulnerability that could lead to code execution
  14. CVE-2010-3626 : This update resolves a font-parsing input validation vulnerability that could lead to code execution
  15. CVE-2010-3627 : This update resolves an input validation vulnerability that could lead to code execution
  16. CVE-2010-3628 : This update resolves a memory corruption vulnerability that could lead to code execution
  17. CVE-2010-3629 : This update resolves an image-parsing input validation vulnerability that could lead to code execution
  18. CVE-2010-3630 : This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible
  19. CVE-2010-3631 : This update resolves an array-indexing vulnerability that could lead to code execution (Macintosh platform only)
  20. CVE-2010-3632 : This update resolves a memory corruption vulnerability that could lead to code execution
  21. CVE-2010-3658 : This update resolves a memory corruption vulnerability that could lead to code execution
  22. CVE-2010-3656 : This update resolves a denial of service issue
  23. CVE-2010-3657 : This update resolves a denial of service issue

This update replaces the quarterly scheduled update originally planned for October 12, 2010 (October 13, 2010 Korea time), so the next scheduled update is expected on February 8, 2011 (February 9, 2011 Korea time).