English
¢¸¢· µÚ·Î
Ãë¾àÁ¡ID 50364
À§Çèµµ 30
Æ÷Æ® 139.445
ÇÁ·ÎÅäÄÝ TCP
ºÐ·ù SMB
»ó¼¼¼³¸í ¿ø°Ý Windows È£½ºÆ®¿¡ ¼³Ä¡µÈ Adobe Acrobat ¹öÀüÀº 17.011.30207, 20.004.30020 ¶Ç´Â 21.011.20039 ÀÌÀü ¹öÀüÀÔ´Ï´Ù. µû¶ó¼­ ¿©·¯ Ãë¾àÁ¡ÀÇ ¿µÇâÀ» ¹Þ½À´Ï´Ù.

- ÇöÀç »ç¿ëÀÚÀÇ ÄÁÅؽºÆ®¿¡¼­ ÀÓÀÇÀÇ Äڵ带 ½ÇÇàÇÒ ¼ö ÀÖ´Â Çü½Ä À̺¥Æ® ÀÛ¾÷ ó¸®ÀÇ Use-after-free Ãë¾àÁ¡ÀÌ Á¸ÀçÇÕ´Ï´Ù.. ÀÌ ¹®Á¦¸¦ ¾Ç¿ëÇÏ·Á¸é ÇÇÇØÀÚ°¡ ¾Ç¼º ÆÄÀÏÀ» ¿­¾î¾ß ÇÑ´Ù´Â Á¡¿¡¼­ »ç¿ëÀÚ »óÈ£ ÀÛ¿ëÀÌ ÇÊ¿äÇÕ´Ï´Ù. (CVE-2021-44701)

- Á¤º¸ °ø°³ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÕ´Ï´Ù. ÀÎÁõµÇÁö ¾ÊÀº °ø°ÝÀÚ´Â ÀÌ Ãë¾àÁ¡À» ¾Ç¿ëÇÏ¿© NTLMv2 ÀÚ°Ý Áõ¸íÀ» ¾òÀ» ¼ö ÀÖ½À´Ï´Ù. ÀÌ ¹®Á¦¸¦ ¾Ç¿ëÇÏ·Á¸é ÇÇÇØÀÚ°¡ °ø°ÝÀÚ°¡ Á¦¾îÇÏ´Â À¥ ÆäÀÌÁö¸¦ ¹æ¹®ÇØ¾ß ÇÑ´Ù´Â Á¡¿¡¼­ »ç¿ëÀÚ »óÈ£ ÀÛ¿ëÀÌ ÇÊ¿äÇÕ´Ï´Ù. (CVE-2021-44702)

- Á¶ÀÛµÈ ÆÄÀÏÀÇ ¾ÈÀüÇÏÁö ¾ÊÀº 󸮷ΠÀÎÇÑ ½ºÅà ¹öÆÛ ¿À¹öÇ÷ΠÃë¾à¼ºÀ¸·Î ÀÎÇØ ÀáÀçÀûÀ¸·Î ÇöÀç »ç¿ëÀÚÀÇ ÄÁÅؽºÆ®¿¡¼­ ÀÓÀÇ Äڵ尡 ½ÇÇàµÉ ¼ö ÀÖ½À´Ï´Ù. ÀÌ ¹®Á¦¸¦ ¾Ç¿ëÇÏ·Á¸é ÇÇÇØÀÚ°¡ ¾Ç¼º ÆÄÀÏÀ» ¿­¾î¾ß ÇÑ´Ù´Â Á¡¿¡¼­ »ç¿ëÀÚ »óÈ£ ÀÛ¿ëÀÌ ÇÊ¿äÇÕ´Ï´Ù. (CVE-2021-44703)

- ÇöÀç »ç¿ëÀÚÀÇ ÄÁÅؽºÆ®¿¡¼­ ÀÓÀÇÀÇ Äڵ带 ½ÇÇàÇÒ ¼ö ÀÖ´Â Çü½Ä À̺¥Æ® ÀÛ¾÷ ó¸®ÀÇ Use-after-free Ãë¾àÁ¡ÀÌ Á¸ÀçÇÕ´Ï´Ù.. ÀÌ ¹®Á¦¸¦ ¾Ç¿ëÇÏ·Á¸é ÇÇÇØÀÚ°¡ ¾Ç¼º ÆÄÀÏÀ» ¿­¾î¾ß ÇÑ´Ù´Â Á¡¿¡¼­ »ç¿ëÀÚ »óÈ£ ÀÛ¿ëÀÌ ÇÊ¿äÇÕ´Ï´Ù. (CVE-2021-44704, CVE-2021-44705)

* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº Á¡°ËÇϱâ À§ÇÑ È£½ºÆ®·Î ·Î±×ÀÎ ÇÒ ¼ö ÀÖ´Â °ü¸®ÀÚ ±ÇÇÑÀ» °¡Áø °èÁ¤À» ÇÊ¿ä·Î ÇÑ´Ù. ÀÌ·¯ÇÑ Á¶°ÇÀÌ ¾ÈµÇ¸é Á¡°ËÀ» ¼öÇàÇÒ ¼ö ¾øÀ¸¸ç ¸ðµç Ãë¾àÇÑ È£½ºÆ®µé¿¡ ´ëÇؼ­ °ÅÁþ À½¼º¹ÝÀÀ(False Negative)À» º¸ÀÏ ¼ö ÀÖ´Ù.

* Âü°í »çÀÌÆ®:
https://cwe.mitre.org/data/definitions/20.html
https://cwe.mitre.org/data/definitions/121.html
https://cwe.mitre.org/data/definitions/122.html
https://cwe.mitre.org/data/definitions/125.html
https://cwe.mitre.org/data/definitions/190.html
https://cwe.mitre.org/data/definitions/284.html
https://cwe.mitre.org/data/definitions/416.html
https://cwe.mitre.org/data/definitions/476.html
https://cwe.mitre.org/data/definitions/657.html
https://cwe.mitre.org/data/definitions/787.html
https://cwe.mitre.org/data/definitions/788.html
https://cwe.mitre.org/data/definitions/824.html
https://helpx.adobe.com/security/products/acrobat/apsb22-01.html

* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Adobe Acrobat 17.011.30207 ÀÌÀüÀÇ ¹öÀüµé
Microsoft Windows Any version
Linux Any version
ÇØ°áÃ¥ ´ÙÀ½ Adobe º¸¾È °Ô½Ã¹°¿¡ ¼³¸íµÇ¾î ÀÖµíÀÌ Adobe AcrobatÀÇ °¡Àå ÃֽŠ¹öÀü(17.011.30207 ¶Ç´Â ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù:
https://helpx.adobe.com/security/products/acrobat/apsb22-01.html
°ü·Ã URL CVE-2021-44701,CVE-2021-44702,CVE-2021-44703,CVE-2021-44704,CVE-2021-44705,CVE-2021-44706,CVE-2021-44707,CVE-2021-44708,CVE-2021-44709 (CVE)
°ü·Ã URL (SecurityFocus)
°ü·Ã URL (ISS)