Ç÷Ïò¿Æ¼¼½¨¸´ÆóÒµ°²È«²úÆ·ÖеĶà¸ö·ì϶·çÏÕ¹«¸æ

°ä²¼¹¦·ò 2020-03-18

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2020-8467 £¬Î£ÏÕ¼¶±ð£ºÑϳÁ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º9.1 £¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2020-8468 £¬Î£ÏÕ¼¶±ð£º¸ßΣ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.0 £¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2020-8470 £¬Î£ÏÕ¼¶±ð£ºÑϳÁ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º10 £¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2020-8598 £¬Î£ÏÕ¼¶±ð£ºÑϳÁ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º10 £¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2020-8599 £¬Î£ÏÕ¼¶±ð£ºÑϳÁ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º10 £¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


Apex One (on premise) 2019

OfficeScan XG SP1

OfficeScan XG (non-SP)


·ì϶¸ÅÊö


½üÈÕ £¬Ç÷Ïò¿Æ¼¼°ä²¼°²È«¸üР£¬½¨¸´ÁËÁ½¸öÒÑÔÚÒ°±íÀûÓõÄ0dayºÍÁí±í3¸öÑϳÁ·ì϶¡£¸ÅÊöÈçÏ£º


CVE-2020-8467

Apex OneºÍOfficeScanµÄǨá㹤¾ß×é¼þÖеķì϶ £¬¿Éµ¼ÖÂRCE £¬¹¥»÷±ØÒªÓû§Éí·ÝÈÏÖ¤¡£


CVE-2020-8468

Apex OneºÍOfficeScan´úÀíÊܵ½ÄÚÈÝÑé֤תÒå·ì϶µÄÓ°Ïì £¬¿ÉÔÊÐí¹¥»÷Õ߰ѳÖijЩ´úÀí¿Í»§¶Ë×é¼þ £¬¹¥»÷±ØÒªÓû§Éí·ÝÈÏÖ¤¡£


CVE-2020-8470

rend Micro Apex OneºÍOfficeScan·þÎñÆ÷Ô̺¬Ò»¸öÒ×Êܹ¥»÷µÄ·þÎñDLLÎļþ £¬¹¥»÷ÕßÄܹ»Ê¹ÓÃSYSTEMȨÏÞɾ³ý·þÎñÆ÷ÉϵÄÈκÎÎļþ¡£ÀûÓô˷ì϶²»±ØÒªÉí·ÝÑéÖ¤¡£


CVE-2020-8598

OfficeScan·þÎñÆ÷Ô̺¬Ò×Êܹ¥»÷µÄ·þÎñDLLÎļþ £¬Ô¶³Ì¹¥»÷ÕßÄܹ»Ê¹ÓÃSYSTEMȨÏÞÔÚÊÜÓ°ÏìµÄ×°ÖÃÉÏÖ´ÐÐËÁÒâ´úÂë¡£ÀûÓô˷ì϶²»±ØÒªÉí·ÝÑéÖ¤¡£


CVE-2020-8599

OfficeScan·þÎñÆ÷Ô̺¬Ò»¸öÒ×Êܹ¥»÷µÄEXEÎļþ £¬Ô¶³Ì¹¥»÷ÕßÄܹ»Í¨¹ý¸ÃÎļþ½«ËÁÒâÊý¾ÝдÈëÊÜÓ°Ïì×°ÖõÄËÁÒâõ辶²¢ÈƹýRootµÇ¼¡£ÀûÓô˷ì϶²»±ØÒªÉí·ÝÑéÖ¤¡£


·ì϶ÑéÖ¤


ÔÝÎÞPoC/EXP¡£


½¨¸´½¨Òé


Ä¿Ç°¹Ù·½ÒÑ°ä²¼×îа汾½¨¸´¸Ã·ì϶ £¬Á´½Ó£ºhttps://success.trendmicro.com/solution/000245571¡£


²Î¿¼Á´½Ó


https://www.zdnet.com/article/two-trend-micro-zero-days-exploited-in-the-wild-by-hackers/