본문 바로가기
벌새::Security

업데이트 : Adobe Shockwave Player 11.5.9.620

벌새 2011. 2. 9. 14:21
반응형

Adobe사에서 제공하는 Adobe Director로 제작된 웹 콘텐츠를 구현해주는 Adobe Shockwave Player 제품에서 발견된 보안 문제를 해결한 Adobe Shockwave Player 11.5.9.620 버전이 공개되었습니다.

이번 버전에서는 총 21건의 보안 취약점과 관련된 보안 패치가 포함되어 있으며, 공격자는 메모리 변조, Integer Overflow 취약점, 입력 검증 취약점 등을 이용하여 임의의 코드 실행이 가능한 것으로 알려져 있습니다.

[영향을 받는 소프트웨어]

Shockwave Player 11.5.9.615 버전 및 하위 버전 (Windows, Macintosh)

그러므로 Adobe Shockwave Player 제품이 설치된 사용자는 반드시 Adobe Shockwave Player 11.5.9.620 버전으로 업데이트를 하시고 이용하시기 바랍니다.

해당 버전에서 해결된 세부적인 보안 취약점은 다음과 같습니다.
  1. CVE-2010-2587 : This update resolves a memory corruption vulnerability in the dirapi.dll module that could lead to code execution.
  2. CVE-2010-2588 : This update resolves a memory corruption vulnerability in the dirapi.dll module that could lead to code execution.
  3. CVE-2010-2589 : This update resolves an integer overflow vulnerability in the dirapi.dll module that could lead to code execution.
  4. CVE-2010-4092 : This update resolves a use-after-free vulnerability that could lead to code execution.
  5. CVE-2010-4093 : This update resolves a memory corruption vulnerability that could lead to code execution.
  6. CVE-2010-4187 : This update resolves a memory corruption vulnerability that could lead to code execution.
  7. CVE-2010-4188 : This update resolves a memory corruption vulnerability in the dirapi.dll module that could lead to code execution.
  8. CVE-2010-4189 : This update resolves a memory corruption vulnerability in the IML32 module that could lead to code execution.
  9. CVE-2010-4190 : This update resolves a memory corruption vulnerability that could lead to code execution.
  10. CVE-2010-4191 : This update resolves a memory corruption vulnerability that could lead to code execution.
  11. CVE-2010-4192 : This update resolves a memory corruption vulnerability that could lead to code execution.
  12. CVE-2010-4193 : This update resolves an input validation vulnerability that could lead to code execution.
  13. CVE-2010-4194 : This update resolves an input validation vulnerability in the dirapi.dll module that could lead to code execution.
  14. CVE-2010-4195 : This update resolves an input validation vulnerability in the TextXtra module that could lead to code execution.
  15. CVE-2010-4196 : This update resolves an input validation vulnerability in the Shockwave 3d Asset module that could lead to code execution.
  16. CVE-2010-4306 : This update resolves a memory corruption vulnerability that could lead to code execution.
  17. CVE-2010-4307 : This update resolves a buffer overflow vulnerability that could lead to code execution.
  18. CVE-2011-0555 : This update resolves a memory corruption vulnerability that could lead to code execution.
  19. CVE-2011-0556 : This update resolves a memory corruption vulnerability in the Font Xtra.x32 module that could lead to code execution.
  20. CVE-2011-0557 : This update resolves an integer overflow vulnerability that could lead to code execution.
  21. CVE-2011-0569 : This update resolves a memory corruption vulnerability in the Font Xtra.x32 module that could lead to code execution.
Adobe Shockwave Player를 이용한 다양한 웹 콘텐츠(동영상, 게임 등)를 구현하는 인터넷 사이트가 존재하며, 악의적으로 조작된 콘텐츠를 실행한 경우 시스템 감염이 이루어질 수 있으므로 반드시 최신 버전 체크를 통한 업데이트를 하시기 바랍니다.
728x90
반응형

티스토리툴바