Vulnerability ID 28229
Risk level 40
Port 139,445
Protocol TCP
Category SMB
Description A version of RealPlayer/HelixPlayer prior to 6.0.12.1675 / 6.0.14.806 is installed on the host. RealOne / RealPlayer is one of the most widely used products for Internet media delivery on Microsoft Windows platforms and on most Linux and Unix systems. RealNetworks RealPlayer / RealOne Player / RealPlayer Enterprise versions are vulnerable to multiple buffer overflow vulnerabilities. By sending a crafted media file (for example, '.mp3', '.rm', '.SMIL', '.swf', '.ram', or '.pls') and inducing a user to open it, an attacker can overflow a buffer and execute arbitrary code on the system with the privileges of the user running the affected application.

* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being checked. If this condition is not met, the check cannot be performed and may report false negatives for all vulnerable hosts.

* References:
http://service.real.com/realplayer/security/07252008_player/en/
http://archives.neohapsis.com/archives/fulldisclosure/2008-03/0157.html
http://secunia.com/secunia_research/2007-93/advisory/
http://www.zerodayinitiative.com/advisories/ZDI-08-046
http://www.securityfocus.com/archive/1/494778/30/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-08-047
http://www.securityfocus.com/archive/1/494779/30/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2008-07/0540.html
http://secunia.com/advisories/27620/
http://secunia.com/advisories/29315/

* Affected platforms:
RealNetworks, RealOne Player v1, v2
RealNetworks, RealPlayer 10.0
RealNetworks, RealPlayer 8
RealNetworks, RealPlayer 11 (11.0.x prior to 11.0.3 build 6.0.14.806)
RealNetworks, RealPlayer 10.5 (6.0.x prior to build 6.0.12.1675)
RealNetworks, RealPlayer Enterprise Any version
Microsoft Windows Any version
Linux Any version
Apple Mac OS Any version
Solution For RealPlayer:
Upgrade to the latest version of RealPlayer (11.0.3, build 6.0.14.806 / 10.5, build 6.0.12.1675, or later), available from the RealNetworks website at http://www.real.com/realplayer.html

For Helix Player:
Apply the update for this vulnerability, available from the following Helix Player Community download page:
https://player.helixcommunity.org/downloads/

Other:
Contact the vendor for upgrade or patch information.
Related URL CVE-2007-5400,CVE-2008-1309,CVE-2008-3064,CVE-2008-3066 (CVE)
Related URL 28157,30370,30376,30378,30379 (SecurityFocus)
Related URL 41087,43996,44013,44014 (ISS)