Ç÷Ïò¿Æ¼¼½¨¸´ÆóÒµ°²È«²úÆ·ÖеĶà¸ö·ì϶·çÏÕ¹«¸æ

°ä²¼¹¦·ò 2020-03-18

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2020-8467£¬ £¬£¬ £¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑϳÁ£¬ £¬£¬ £¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º9.1£¬ £¬£¬ £¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2020-8468£¬ £¬£¬ £¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬ £¬£¬ £¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.0£¬ £¬£¬ £¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2020-8470£¬ £¬£¬ £¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑϳÁ£¬ £¬£¬ £¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º10£¬ £¬£¬ £¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2020-8598£¬ £¬£¬ £¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑϳÁ£¬ £¬£¬ £¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º10£¬ £¬£¬ £¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2020-8599£¬ £¬£¬ £¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑϳÁ£¬ £¬£¬ £¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º10£¬ £¬£¬ £¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


Apex One (on premise) 2019

OfficeScan XG SP1

OfficeScan XG (non-SP)


·ì϶¸ÅÊö


½üÈÕ£¬ £¬£¬ £¬£¬£¬£¬Ç÷Ïò¿Æ¼¼°ä²¼°²È«¸üУ¬ £¬£¬ £¬£¬£¬£¬½¨¸´ÁËÁ½¸öÒÑÔÚÒ°±íÀûÓõÄ0dayºÍÁí±í3¸öÑϳÁ·ì϶¡£¡£¡£¡£¡£¡£¡£¸ÅÊöÈçÏ£º


CVE-2020-8467

Apex OneºÍOfficeScanµÄǨá㹤¾ß×é¼þÖеķì϶£¬ £¬£¬ £¬£¬£¬£¬¿Éµ¼ÖÂRCE£¬ £¬£¬ £¬£¬£¬£¬¹¥»÷±ØÒªÓû§Éí·ÝÈÏÖ¤¡£¡£¡£¡£¡£¡£¡£


CVE-2020-8468

Apex OneºÍOfficeScan´úÀíÊܵ½ÄÚÈÝÑé֤תÒå·ì϶µÄÓ°Ï죬 £¬£¬ £¬£¬£¬£¬¿ÉÔÊÐí¹¥»÷Õ߰ѳÖijЩ´úÀí¿Í»§¶Ë×é¼þ£¬ £¬£¬ £¬£¬£¬£¬¹¥»÷±ØÒªÓû§Éí·ÝÈÏÖ¤¡£¡£¡£¡£¡£¡£¡£


CVE-2020-8470

rend Micro Apex OneºÍOfficeScan·þÎñÆ÷Ô̺¬Ò»¸öÒ×Êܹ¥»÷µÄ·þÎñDLLÎļþ£¬ £¬£¬ £¬£¬£¬£¬¹¥»÷ÕßÄܹ»Ê¹ÓÃSYSTEMȨÏÞɾ³ý·þÎñÆ÷ÉϵÄÈκÎÎļþ¡£¡£¡£¡£¡£¡£¡£ÀûÓô˷ì϶²»±ØÒªÉí·ÝÑéÖ¤¡£¡£¡£¡£¡£¡£¡£


CVE-2020-8598

OfficeScan·þÎñÆ÷Ô̺¬Ò×Êܹ¥»÷µÄ·þÎñDLLÎļþ£¬ £¬£¬ £¬£¬£¬£¬Ô¶³Ì¹¥»÷ÕßÄܹ»Ê¹ÓÃSYSTEMȨÏÞÔÚÊÜÓ°ÏìµÄ×°ÖÃÉÏÖ´ÐÐËÁÒâ´úÂë¡£¡£¡£¡£¡£¡£¡£ÀûÓô˷ì϶²»±ØÒªÉí·ÝÑéÖ¤¡£¡£¡£¡£¡£¡£¡£


CVE-2020-8599

OfficeScan·þÎñÆ÷Ô̺¬Ò»¸öÒ×Êܹ¥»÷µÄEXEÎļþ£¬ £¬£¬ £¬£¬£¬£¬Ô¶³Ì¹¥»÷ÕßÄܹ»Í¨¹ý¸ÃÎļþ½«ËÁÒâÊý¾ÝдÈëÊÜÓ°Ïì×°ÖõÄËÁÒâõ辶²¢ÈƹýRootµÇ¼¡£¡£¡£¡£¡£¡£¡£ÀûÓô˷ì϶²»±ØÒªÉí·ÝÑéÖ¤¡£¡£¡£¡£¡£¡£¡£


·ì϶ÑéÖ¤


ÔÝÎÞPoC/EXP¡£¡£¡£¡£¡£¡£¡£


½¨¸´½¨Òé


Ä¿Ç°¹Ù·½ÒÑ°ä²¼×îа汾½¨¸´¸Ã·ì϶£¬ £¬£¬ £¬£¬£¬£¬Á´½Ó£ºhttps://success.trendmicro.com/solution/000245571¡£¡£¡£¡£¡£¡£¡£


²Î¿¼Á´½Ó


https://www.zdnet.com/article/two-trend-micro-zero-days-exploited-in-the-wild-by-hackers/