벌새::Security

Update: Adobe Shockwave Player 11.6.0.626

Adobe has released Adobe Shockwave Player 11.6.0.626, which fixes security issues found in Adobe Shockwave Player, the product that renders web content created with Adobe Director.

This update includes patches for 25 security vulnerabilities, which an attacker could exploit to execute malicious code on an affected system.


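[Affected software]

■ Adobe Shockwave Player 11.5.9.620 and earlier versions (Windows, Macintosh)

The vulnerabilities include (multiple) memory corruption and multiple integer overflow vulnerabilities in Dirapi.dll, multiple memory corruption and multiple buffer overflow vulnerabilities in IML32.dll, multiple buffer overflow vulnerabilities in the Shockwave3DAsset component, and integer overflow vulnerabilities in the CursorAsset x32 and Shockwave 3D Asset x32 components, among others, any of which can be used to achieve code execution.

The details of the vulnerabilities in question are as follows.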
  1. CVE-2011-0317 : This update resolves a memory corruption vulnerability in the Dirapi.dll component that could lead to code execution.
  2. CVE-2011-0318 : This update resolves a memory corruption vulnerability in the Dirapi.dll component that could lead to code execution.
  3. CVE-2011-0319 : This update resolves a memory corruption vulnerability in the Dirapi.dll component that could lead to code execution.
  4. CVE-2011-0320 : This update resolves a memory corruption vulnerability in the Dirapi.dll component that could lead to code execution.
  5. CVE-2011-0335 : This update resolves multiple memory corruption vulnerabilities in the Dirapi.dll component that could lead to code execution.
  6. CVE-2011-2108 : This update resolves a design flaw that could lead to code execution.
  7. CVE-2011-2109 : This update resolves multiple integer overflow vulnerabilities in the Dirapi.dll component that could lead to code execution.
  8. CVE-2011-2111 : This update resolves multiple memory corruption vulnerabilities in the IML32.dll component that could lead to code execution.
  9. CVE-2011-2112 : This update resolves multiple buffer overflow vulnerabilities in the IML32.dll component that could lead to code execution.
  10. CVE-2011-2113 : This update resolves multiple buffer overflow vulnerabilities in the Shockwave3DAsset component that could lead to code execution.
  11. CVE-2011-2114 : This update resolves multiple memory corruption vulnerabilities that could lead to code execution.
  12. CVE-2011-2115 : This update resolves multiple memory corruption vulnerabilities in the IML32.dll component that could lead to code execution.
  13. CVE-2011-2116 : This update resolves a memory corruption vulnerability in the IML32.dll component that could lead to code execution.
  14. CVE-2011-2117 : This update resolves a memory corruption vulnerability that could lead to code execution.
  15. CVE-2011-2118 : This update resolves an input validation vulnerability in the FLV ASSET Xtra component that could lead to code execution.
  16. CVE-2011-2119 : This update resolves a memory corruption vulnerability in the Dirapi.dll component that could lead to code execution.
  17. CVE-2011-2120 : This update resolves an integer overflow vulnerability in the CursorAsset x32 component that could lead to code execution.
  18. CVE-2011-2121 : This update resolves an integer overflow vulnerability that could lead to code execution.
  19. CVE-2011-2122 : This update resolves a memory corruption vulnerability in the Dirapi.dll component that could lead to code execution.
  20. CVE-2011-2123 : This update resolves an integer overflow vulnerability in the Shockwave 3D Asset x32 component that could lead to code execution.
  21. CVE-2011-2124 : This update resolves a memory corruption vulnerability that could lead to code execution.
  22. CVE-2011-2125 : This update resolves a buffer overflow vulnerability in the Dirapix.dll component that could lead to code execution.
  23. CVE-2011-2126 : This update resolves a buffer overflow vulnerability that could lead to code execution.
  24. CVE-2011-2127 : This update resolves a memory corruption vulnerability that could lead to code execution.
  25. CVE-2011-2128 : This update resolves a memory corruption vulnerability that could lead to code execution.

Many websites deliver web content (videos, games, and so on) built with Adobe Shockwave Player, and running maliciously crafted content can infect the system, so be sure to check that you are on the latest version and update.
