본문 바로가기

벌새::Security

업데이트 : Adobe Shockwave Player 11.5.9.615

Adobe Director로 제작된 웹 콘텐츠를 구현해주는 Adobe Shockwave Player에서 최근 발견된 제로데이(0-Day) 보안 취약점에 대한 보안 패치 Adobe Shockwave Player 11.5.9.615 버전이 공개되었습니다.
[영향을 받는 소프트웨어]

Shockwave Player 11.5.8.612 버전 및 하위 버전 (Windows, Macintosh)

이번 보안 패치에서는 현재 인터넷 상에서 실제적으로 악성코드 유포 행위에 이용되고 있는 CVE-2010-3653 취약점을 비롯한 총 11개의 보안 취약점에 대한 보안 문제가 해결되었습니다.

  1. CVE-2010-3653 : This update resolves a memory corruption vulnerability that could lead to code execution.
  2. CVE-2010-2581 : This update resolves a memory corruption vulnerability in the dirapi.dll module that could lead to code execution.
  3. CVE-2010-2582 : This update resolves a heap-based buffer overflow vulnerability that could lead to code execution.
  4. CVE-2010-3655 : This update resolves a stack overflow vulnerability in the dirapi.dll module that could lead to code execution.
  5. CVE-2010-4084 : This update resolves a memory corruption vulnerability in the dirapi.dll module that could lead to code execution.
  6. CVE-2010-4085 : This update resolves a memory corruption vulnerability in the dirapi.dll module that could lead to code execution.
  7. CVE-2010-4086 : This update resolves a memory corruption vulnerability in the dirapi.dll module that could lead to code execution.
  8. CVE-2010-4087 : This update resolves a memory corruption vulnerability in the IML32.dll module that could lead to code execution.
  9. CVE-2010-4088 : This update resolves a memory corruption vulnerability in the dirapi.dll module that could lead to code execution.
  10. CVE-2010-4089 : This update resolves a memory corruption vulnerability in the IML32.dll module that could lead to code execution.
  11. CVE-2010-4090 : This update resolves a memory corruption vulnerability that could lead to code execution.

최초 해당 취약점에 대한 임시 예방책으로 제시한 Internet Explorer 추가 기능 관리의 [Shockwave ActiveX Control] 항목을 [사용 안 함]으로 변경하신 분들은 반드시 [사용]으로 변경하신 후 Adobe Shockwave Player 11.5.9.615 버전으로 업데이트를 하시기 바랍니다.