□ Overview
o A version of Adobe Flash Player that fixes remote code execution and cross-site attack security vulnerabilities has been released [1]
o Crafted Flash files (.swf, .flv) can expose users of vulnerable Flash Player versions to harm such as phishing and malware infection, so users are advised to take care and install the latest version
□ Affected programs
o Adobe Flash Player 9.0.45.0 and earlier
o Adobe Flash Player 8.0.34.0 and earlier
o Adobe Flash Player 7.0.69.0 and earlier
□ Description
o The following Adobe Flash Player vulnerabilities have been publicly disclosed
- CVE-2007-3456[2]: remote code execution vulnerability
※ Affects all versions of Adobe Flash Player 9.0.45.0 and earlier
- CVE-2007-3457[3]: cross-site request forgery (CSRF: Cross-Site Request Forgery) vulnerability
※ Affects Adobe Flash Player 8.0.34.0 and earlier
- CVE-2007-2022[4]: remote code execution vulnerability in Flash Player as used in the Opera and Konqueror browsers
※ Adobe Flash Player 7.0.69.0 and earlier
o If a victim running a vulnerable version visits a web page or reads an email in which a Flash file crafted to exploit the above vulnerabilities has been embedded, they may suffer harm such as phishing and malware infection
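A fleet-inventory check built on the version thresholds listed above, as an added example that is not part of the original advisory. It applies each threshold as a plain "at or below" comparison, exactly as the advisory states them; the host names, the tab-separated inventory format and the sample versions are constructed assumptions.

```python
import re

# Thresholds exactly as listed in the advisory: a CVE applies when the
# installed version is at or below the stated version (assumption: plain
# "<=" comparison). CVE-2007-2022 is listed for Opera and Konqueror use.
AFFECTED_UP_TO = {
    "CVE-2007-3456": (9, 0, 45, 0),
    "CVE-2007-3457": (8, 0, 34, 0),
    "CVE-2007-2022": (7, 0, 69, 0),
}

# Accepts dotted ("9.0.45.0") and comma-separated ("WIN 9,0,45,0") forms.
_VERSION_RE = re.compile(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)")

def parse_version(text):
    """Return a 4-tuple of ints, or None if no version is present."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def applicable_cves(version_text):
    """List the advisory's CVEs whose threshold covers this version."""
    version = parse_version(version_text)
    if version is None:
        raise ValueError(f"unrecognised Flash Player version: {version_text!r}")
    return sorted(c for c, limit in AFFECTED_UP_TO.items() if version <= limit)

def audit(inventory_lines):
    """Map host -> CVE list (or 'UNKNOWN') for 'host<TAB>version' lines."""
    report = {}
    for line in inventory_lines:
        if not line.strip():
            continue
        host, _, raw = line.partition("\t")
        try:
            report[host.strip()] = applicable_cves(raw)
        except ValueError:
            report[host.strip()] = "UNKNOWN"  # manual review, never "clean"
    return report

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    "ws-01\t9.0.45.0",
    "ws-02\tWIN 8,0,34,0",
    "ws-03\t7.0.63.0",
    "ws-04\t9.1.0.0",
    "ws-05\tnot installed?",
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Hosts reported as `UNKNOWN` have no parseable version and should be checked by hand rather than treated as unaffected.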
□ Remediation
o Install the latest version, in which the vulnerabilities are fixed [5]
o Users still running a vulnerable older version should follow the safe browsing habits below to reduce harm
- Take care when visiting untrusted websites and opening email
- Use a personal firewall and anti-virus products, etc.
□ Reference sites
[1] http://www.adobe.com/support/security/bulletins/apsb07-12.html
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3456
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3457
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2022
[5] http://www.adobe.com/kr/products/flashplayer
[Notes]
1. Glossary
o Adobe Flash Player : a program developed by Adobe for playing Flash files
o Flash : a multimedia data format that stores images, audio, video and the like in a single file
o Cross-site request forgery (CSRF: Cross-Site Request Forgery) : a vulnerability in which HTTP requests that the user did not intend are sent
2. Other inquiries
o Korea Information Security Agency, Internet Incident Response Support Center : dial 118 (no area code)