| Ãë¾àÁ¡ID |
28272 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
139,445 |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
SMB |
| »ó¼¼¼³¸í |
ÇØ´ç È£½ºÆ®¿¡´Â 11.5.7.609 ÀÌÀüÀÇ Shockwave PlayerÀÇ ¾î¶² ¹öÀüÀÌ ¼³Ä¡µÇ¾î ÀÖ´Ù. Shockwave Player 11.5.7.609 ÀÌÀüÀÇ ¹öÀüµéÀº ´ÙÀ½°ú °°Àº ´ÙÁßÀÇ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ°íÇ÷¯±×ÀÎ ÇüÅ·Π»ç¿ëÇÏ´Â À¥ ºê¶ó¿ìÀú´Â ÀÌ Ãë¾àÁ¡ÀÇ ¿µÇâÀ» ¹Þ´Â´Ù.
- Ư¼öÇÏ°Ô Á¶ÀÛµÈ FFFFFF45h Shockwate 3D ºí·ÏÀ» ó¸®ÇÏ´Â µµÁß ¸Þ¸ð¸® ¼Õ»óÀÌ
¹ß»ýÇÒ ¼ö ÀÖ´Ù. (CVE-2010-0127, CVE-2010-1283)
- signedness ¹®Á¦Á¡Àº Ư¼öÇÏ°Ô Á¶ÀÛµÈ µð·ºÅÍ ÆÄÀÏÀ» ó¸®ÇÒ ¶§ ¸Þ¸ð¸® ¼Õ»óÀ» À¯¹ß
ÇÒ ¼ö ÀÖ´Ù. (CVE-2010-0128)
- ¹è¿ ÀÎÅؽº ¿¡·¯´Â Ưº°ÇÏ°Ô Á¶ÀÛµÈ µð·ºÅÍ ÆÄÀÏÀ» ó¸®ÇÒ ¶§ ¸Þ¸ð¸® ¼Õ»óÀ» À¯¹ß
ÇÒ ¼ö ÀÖ´Ù. (CVE-2010-0129)
- Á¤¼öÇü ¿À¹öÇ÷οì Ãë¾àÁ¡Àº Ưº°ÇÏ°Ô Á¶ÀÛµÈ µð·ºÅÍ ÆÄÀÏÀ» ó¸®ÇÒ ¶§ ¸Þ¸ð¸® ¼Õ»ó
À» À¯¹ß ÇÒ ¼ö ÀÖ´Ù. (CVE-2010-0130)
- Á¤ÀǵÇÁö ¾ÊÀº ¿¡·¯´Â µð·ºÅÍ ÆÄÀϾÈÀÇ ÀÚ»ê ±¸Á¶¸¦ ó¸®ÇÒ ¶§ ¸Þ¸ð¸® ¼Õ»óÀ»
À¯¹ß ÇÒ ¼ö ÀÖ´Ù. (CVE-2010-0986)
- °æ°è°ª ¿¡·¯´Â µð·ºÅÍ ÆÄÀÏ¿¡ ³»ÀåµÈ ÆùÆ®¸¦ ó¸®ÇÒ ¶§ ¸Þ¸ð¸® ¼Õ»óÀ» À¯¹ß ÇÒ ¼ö
ÀÖ´Ù. (CVE-2010-0987)
- Á¤ÀǵÇÁö ¾ÊÀº ¿¡·¯´Â µð·ºÅÍ ÆÄÀÏÀ» ó¸®ÇÒ ¶§ ¸Þ¸ð¸® ¼Õ»óÀ» À¯¹ß ÇÒ ¼ö ÀÖ´Ù.
(CVE-2010-1280)
- ´Ù¼öÀÇ Á¤ÀǵÇÁö ¾ÊÀº ¸Þ¸ð¸® ¼Õ»ó Ãë¾àÁ¡ÀÌ ÀÖ´Ù. (CVE-2010-1281, CVE-2010-1282, CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1288, CVE-2010-1289, CVE-2010-1290, CVE-2010-1291, CVE-2010-1292)
* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº Á¡°ËÇϱâ À§ÇÑ È£½ºÆ®·Î ·Î±×ÀÎ ÇÒ ¼ö ÀÖ´Â °ü¸®ÀÚ ±ÇÇÑÀ» °¡Áø °èÁ¤À» ÇÊ¿ä·Î ÇÑ´Ù. ÀÌ·¯ÇÑ Á¶°ÇÀÌ ¾ÈµÇ¸é Á¡°ËÀ» ¼öÇàÇÒ ¼ö ¾øÀ¸¸ç ¸ðµç Ãë¾àÇÑ È£½ºÆ®µé¿¡ ´ëÇؼ °ÅÁþ À½¼º¹ÝÀÀ(False Negative)À» º¸ÀÏ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®:
http://secunia.com/secunia_research/2010-17/
http://secunia.com/secunia_research/2010-19/
http://secunia.com/secunia_research/2010-20/
http://secunia.com/secunia_research/2010-22/
http://secunia.com/secunia_research/2010-34/
http://secunia.com/secunia_research/2010-50/
http://www.zerodayinitiative.com/advisories/ZDI-10-087/
http://www.zerodayinitiative.com/advisories/ZDI-10-088/
http://www.zerodayinitiative.com/advisories/ZDI-10-089/
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869
http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0137.html
http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html
http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php
http://www.coresecurity.com/content/adobe-director-invalid-read
http://www.adobe.com/support/security/bulletins/apsb10-12.html
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Shockwave Player 11.5.7.609 ÀÌÀü ¹öÀü
Microsoft Windows Any version |
| ÇØ°áÃ¥ |
Adobe À¥ »çÀÌÆ®ÀÎ http://get.adobe.com/shockwave/ ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â Shockwave PlayerÀÇ °¡Àå ÃֽŠ¹öÀü(11.5.7.609 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
| °ü·Ã URL |
CVE-2010-0127,CVE-2010-0128,CVE-2010-0129,CVE-2010-0130,CVE-2010-0986,CVE-2010-0987,CVE-2010-1280,CVE-2010-1281,CVE-2010-1282,CVE-2010-1283 (CVE) |
| °ü·Ã URL |
40076,40077,40078,40079,40081,40082,40083,40084,40085,40086,40087,40088,40089,40090,40091,40093,40094,40096 (SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
