Ç÷Ïò¿Æ¼¼½¨¸´ÆóÒµ°²È«²úÆ·ÖеĶà¸ö·ì϶·çÏÕ¹«¸æ

°ä²¼¹¦·ò 2020-03-18

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2020-8467£¬Î£ÏÕ¼¶±ð£ºÑϳÁ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º9.1£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2020-8468£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.0£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2020-8470£¬Î£ÏÕ¼¶±ð£ºÑϳÁ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º10£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2020-8598£¬Î£ÏÕ¼¶±ð£ºÑϳÁ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º10£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2020-8599£¬Î£ÏÕ¼¶±ð£ºÑϳÁ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º10£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


Apex One (on premise) 2019

OfficeScan XG SP1

OfficeScan XG (non-SP)


·ì϶¸ÅÊö


½üÈÕ£¬Ç÷Ïò¿Æ¼¼°ä²¼°²È«¸üУ¬½¨¸´ÁËÁ½¸öÒÑÔÚÒ°±íÀûÓõÄ0dayºÍÁí±í3¸öÑϳÁ·ì϶¡£¸ÅÊöÈçÏ£º


CVE-2020-8467

Apex OneºÍOfficeScanµÄǨá㹤¾ß×é¼þÖеķì϶£¬¿Éµ¼ÖÂRCE£¬¹¥»÷±ØÒªÓû§Éí·ÝÈÏÖ¤¡£


CVE-2020-8468

Apex OneºÍOfficeScan´úÀíÊܵ½ÄÚÈÝÑé֤תÒå·ì϶µÄÓ°Ï죬¿ÉÔÊÐí¹¥»÷Õ߰ѳÖijЩ´úÀí¿Í»§¶Ë×é¼þ£¬¹¥»÷±ØÒªÓû§Éí·ÝÈÏÖ¤¡£


CVE-2020-8470

rend Micro Apex OneºÍOfficeScan·þÎñÆ÷Ô̺¬Ò»¸öÒ×Êܹ¥»÷µÄ·þÎñDLLÎļþ£¬¹¥»÷ÕßÄܹ»Ê¹ÓÃSYSTEMȨÏÞɾ³ý·þÎñÆ÷ÉϵÄÈκÎÎļþ¡£ÀûÓô˷ì϶²»±ØÒªÉí·ÝÑéÖ¤¡£


CVE-2020-8598

OfficeScan·þÎñÆ÷Ô̺¬Ò×Êܹ¥»÷µÄ·þÎñDLLÎļþ£¬Ô¶³Ì¹¥»÷ÕßÄܹ»Ê¹ÓÃSYSTEMȨÏÞÔÚÊÜÓ°ÏìµÄ×°ÖÃÉÏÖ´ÐÐËÁÒâ´úÂë¡£ÀûÓô˷ì϶²»±ØÒªÉí·ÝÑéÖ¤¡£


CVE-2020-8599

OfficeScan·þÎñÆ÷Ô̺¬Ò»¸öÒ×Êܹ¥»÷µÄEXEÎļþ£¬Ô¶³Ì¹¥»÷ÕßÄܹ»Í¨¹ý¸ÃÎļþ½«ËÁÒâÊý¾ÝдÈëÊÜÓ°Ïì×°ÖõÄËÁÒâõ辶²¢ÈƹýRootµÇ¼¡£ÀûÓô˷ì϶²»±ØÒªÉí·ÝÑéÖ¤¡£


·ì϶ÑéÖ¤


ÔÝÎÞPoC/EXP¡£


½¨¸´½¨Òé


Ä¿Ç°¹Ù·½ÒÑ°ä²¼×îа汾½¨¸´¸Ã·ì϶£¬Á´½Ó£ºhttps://success.trendmicro.com/solution/000245571¡£


²Î¿¼Á´½Ó


https://www.zdnet.com/article/two-trend-micro-zero-days-exploited-in-the-wild-by-hackers/