{"id":18133,"date":"2016-05-30T14:00:19","date_gmt":"2016-05-30T06:00:19","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=18133"},"modified":"2016-05-30T12:01:47","modified_gmt":"2016-05-30T04:01:47","slug":"imagemagick-%e8%bb%9f%e9%ab%94%e5%87%ba%e7%8f%be%e6%bc%8f%e6%b4%9e%ef%bc%8c%e4%bd%bf%e7%94%a8%e8%80%85%e5%8f%af%e8%83%bd%e4%b8%8a%e5%82%b3%e3%80%8c%e4%b8%ad%e6%af%92%e3%80%8d%e7%9a%84%e8%87%aa","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=18133","title":{"rendered":"ImageMagick \u8edf\u9ad4\u51fa\u73fe\u6f0f\u6d1e\uff0c\u4f7f\u7528\u8005\u53ef\u80fd\u4e0a\u50b3\u300c\u4e2d\u6bd2\u300d\u7684\u81ea\u62cd\u7167"},"content":{"rendered":"

<\/h1>\n

\u6839\u64da\u4e00\u7bc7\u5831\u5c0e<\/a>\uff0c\u77e5\u540d\u7684\u5f71\u50cf\u8655\u7406\u8edf\u9ad4 ImageMagick \u88ab\u767c\u73fe\u6709\u500b\u53ef\u80fd\u8b93\u7db2\u7ad9\u66b4\u9732\u65bc\u653b\u64ca\u98a8\u96aa\u7684\u6f0f\u6d1e\u3002\u9019\u9805\u8cc7\u5b89\u6f0f\u6d1e\u53ef\u80fd\u8b93\u53d7\u611f\u67d3\u7684\u5f71\u50cf\u9a19\u904e\u7db2\u7ad9\u4f3a\u670d\u5668\u800c\u57f7\u884c\u53ef\u8490\u96c6\u8cc7\u6599\u6216\u7aba\u63a2\u4f7f\u7528\u8005\u5e33\u865f\u7684\u60e1\u610f\u7a0b\u5f0f\u78bc\u3002\u6b64\u6f0f\u6d1e\u5c07\u5f71\u97ff\u90a3\u4e9b\u4f7f\u7528 ImageMagick \u8edf\u9ad4\u4ee5\u53ca\u90a3\u4e9b\u5141\u8a31\u4f7f\u7528\u8005\u4e0a\u50b3\u5f71\u50cf\u7684\u7db2\u7ad9\u670d\u52d9\u3002<\/p>\n

ImageMagick<\/a> \u662f\u4e00\u5c08\u9580\u4f86\u5efa\u7acb\u3001\u7de8\u8f2f\u3001\u5408\u6210\u53ca\u8f49\u63db\u5f71\u50cf\u7684\u5957\u88dd\u8edf\u9ad4\uff0c\u4e00\u4e9b\u793e\u7fa4\u5a92\u9ad4\u5e73\u53f0\u3001\u90e8\u843d\u683c\u7db2\u7ad9\u4ee5\u53ca\u5167\u5bb9\u7ba1\u7406\u7cfb\u7d71\uff0c\u90fd\u4f7f\u7528\u9019\u5957\u8edf\u9ad4\u4f86\u7e2e\u653e\u6216\u8abf\u6574\u4f7f\u7528\u8005\u4e0a\u50b3\u7684\u5f71\u50cf\u3002<\/p>\n

ImageMagick \u5728\u4e00\u4efd\u8072\u660e<\/a>\u7576\u4e2d\u56de\u61c9\u4e86\u9019\u9805\u5831\u5c0e\uff1a\u300c\u6211\u5011\u6700\u8fd1\u63a5\u7372\u4e00\u4e9b\u7a0b\u5f0f\u8a2d\u8a08\u5e2b\u901a\u5831\u7684\u6f0f\u6d1e\uff0c\u9019\u4e9b\u6f0f\u6d1e\u53ef\u80fd\u8b93\u99ed\u5ba2\u5f9e\u9060\u7aef\u57f7\u884c\u7a0b\u5f0f\u78bc\uff0c\u6216\u8005\u5728\u672c\u5730\u7aef\u96fb\u8166\u4e0a\u7522\u751f\u6a94\u6848\u3002<\/em>\u300d<\/p>\n

\u6b64\u6f0f\u6d1e\u662f\u7531\u8cc7\u5b89\u7814\u7a76\u4eba\u54e1 Stewie<\/a> \u4ee5\u53ca\u8cc7\u5b89\u5de5\u7a0b\u5e2b Nikolay Ermishkin<\/a> \u6240\u5171\u540c\u767c\u73fe\u3002\u6839\u64da\u8cc7\u5b89\u5c08\u5bb6\u8868\u793a\uff0c\u96d6\u7136\u9019\u9805\u5b89\u5168\u6f0f\u6d1e\u76ee\u524d\u4e26\u7121\u9032\u4e00\u6b65\u7684\u8cc7\u8a0a\uff0c\u4e0d\u904e\u537b\u4ee4\u4eba\u64d4\u6182<\/a>\uff0c\u56e0\u70ba\u5728\u6c92\u6709\u4fee\u88dc\u7a0b\u5f0f\u53ef\u4ee5\u964d\u4f4e\u640d\u5bb3\u7684\u72c0\u6cc1\u4e0b\uff0c\u8a72\u6f0f\u6d1e\u7684\u7d30\u7bc0\u5df2\u7d93\u5ee3\u70ba\u6d41\u50b3\u3002\u7531\u65bc\u6f0f\u6d1e\u8cc7\u8a0a\u5df2\u7d93\u66dd\u5149\uff0c\u8cc7\u5b89\u5c08\u5bb6\u4e5f\u5fc5\u9808\u958b\u59cb\u8ddf\u99ed\u5ba2\u5c55\u958b\u8cfd\u8dd1\uff0c\u624d\u80fd\u4fdd\u969c\u5168\u7403\u4f3a\u670d\u5668\u7684\u5b89\u5168\uff0c\u907f\u514d\u906d\u5230\u99ed\u5ba2\u5165\u4fb5\u3002<\/p>\n

\u8cc7\u5b89\u7814\u7a76\u4eba\u54e1 Ryan Huber \u5728\u4e00\u7bc7\u90e8\u843d\u683c<\/a>\u7576\u4e2d\u8868\u793a\uff1a\u300c\u6211\u5011\u4e00\u81f4\u8a8d\u70ba\uff0c\u6709\u95dc\u8a72\u6f0f\u6d1e\u7684\u6d88\u606f\u5df2\u7d93\u6d41\u50b3\u5230\u539f\u672c\u767c\u73fe\u6f0f\u6d1e\u7684\u4eba\u54e1\u4e4b\u5916\uff0c\u4e0d\u77e5\u6709\u591a\u5c11\u4eba\u5df2\u7d93\u77e5\u9053\u9019\u9805\u6d88\u606f\uff0c\u800c\u9019\u5c0d\u6bcf\u4f4d\u4f7f\u7528\u8a72\u8edf\u9ad4\u7684\u4eba\u4f86\u8aaa\uff0c\u90fd\u662f\u500b\u56b4\u91cd\u554f\u984c\u3002\u300d<\/em>\u4e8b\u5be6\u4e0a\uff0c\u5728\u6f0f\u6d1e\u63ed\u9732\u53ca\u901a\u5831\u7684 40 \u5206\u9418\u4e4b\u5f8c\uff0c\u5c31\u5df2\u7d93\u6709\u4eba\u88fd\u4f5c\u51fa\u6982\u5ff5\u9a57\u8b49\u653b\u64ca<\/a>\uff0c\u800c\u4e14\u7d93\u904e\u5be6\u9a57\u8b49\u660e\u6709\u6548\u3002<\/p>\n

\u672c\u6587\u622a\u7a3f\u4e4b\u524d\uff0c\u96d6\u7136\u516c\u53f8\u4ecd\u672a\u91cb\u51fa\u4efb\u4f55\u4fee\u88dc\u7a0b\u5f0f\uff0c\u4e0d\u904e\u537b\u9f13\u52f5\u7db2\u7ad9\u7db2\u7ad9\u7ba1\u7406\u54e1\u5728\u8a2d\u5b9a\u6a94\u4e2d\u52a0\u5165\u5e7e\u884c\u7a0b\u5f0f\u78bc\u4f86\u907f\u514d\u6f5b\u5728\u7684\u653b\u64ca\u3002\u9664\u6b64\u4e4b\u5916\uff0c\u4e5f\u547c\u7c72\u7db2\u7ad9\u61c9\u7528\u7a0b\u5f0f\u958b\u767c\u4eba\u54e1\u5c07 ImageMagick \u9694\u96e2\u5728\u6c99\u76d2\u74b0\u5883\u7576\u4e2d\u4ee5\u9650\u5236\u5176\u5b58\u53d6\u80fd\u529b\u3002\u672c\u9031\u6700\u5f8c\u6536\u5230\u7684\u6d88\u606f\u662f\uff0c7.0.1-1 \u8207 6.9.3-10 \u5169\u500b\u7248\u672c\u5c07\u5c0d\u524d\u8ff0\u767c\u73fe\u7684\u6f0f\u6d1e\u9032\u884c\u5fc5\u8981\u4fee\u88dc\u3002<\/p>\n

\u539f\u6587\u51fa\u8655\uff1aImageMagick Vulnerability Discovered, Users Could Be Uploading a \u201cPoisoned Selfie<\/a><\/p>\n

 <\/p>\n

PC-cillin 2016\u96f2\u7aef\u7248\u5df2\u6709\u589e\u52a0\u5c0d<\/span>\u52d2\u7d22\u8edf\u9ad4 Ransomware<\/a>\u52a0\u5bc6\u884c\u70ba\u7684\u9632\u8b77\u6a5f\u5236\uff0c\u53ef\u9810\u9632\u6a94\u6848\u88ab\u52d2\u7d22\u8edf\u9ad4\u60e1\u610f\u52a0\u5bc6<\/span><\/p>\n

\"Windows10Banner-540x90v5\"<\/a><\/p>\n

\u8da8\u52e2\u79d1\u6280PC-cillin\u96f2\u7aef\u7248<\/a> \uff0c\u69ae\u7372 AV-TEST \u300c\u6700\u4f73\u9632\u8b77\u300d\u734e,\u9818\u514828 \u6b3e\u5bb6\u7528\u8cc7\u5b89\u7522\u54c1\u9632\u6bd2\u8edf\u9ad4 ,\u53ef\u8de8\u5e73\u53f0\u540c\u6642\u652f\u63f4\u5b89\u88dd\u65bcWindows\u3001Mac\u96fb\u8166\u53caAndroid\u3001iOS \u667a\u6167\u578b\u624b\u6a5f\u8207\u5e73\u677f\u96fb\u8166\uff0c\u63a1\u7528\u5168\u7403\u7368\u5bb6\u8da8\u52e2\u79d1\u6280\u300c\u4e3b\u52d5\u5f0f\u96f2\u7aef\u622a\u6bd2\u6280\u8853\u300d\uff0c\u4ee5\u9818\u5148\u696d\u754c\u5e73\u5747 50 \u500d\u7684\u901f\u5ea6\u9632\u79a6\u60e1\u610f\u5a01\u8105\uff01\u5373\u523b\u514d\u8cbb\u4e0b\u8f09<\/a><\/p>\n

 <\/p>\n

\"say<\/a><\/p>\n

\u300b\u4e00\u822c\u7528\u6236<\/a> \u300b\u4e2d\u5c0f\u4f01\u696d\u7528\u6236<\/a> \u300b \u5927\u578b\u4f01\u696d<\/a><\/p>\n

 <\/p>\n

\u300a \u60f3\u4e86\u89e3\u66f4\u591a\u95dc\u65bc\u7db2\u8def\u5b89\u5168\u7684\u79d8\u8a23\u548c\u5efa\u8b70\uff0c\u53ea\u8981\u5230\u8da8\u52e2\u79d1\u6280\u7c89\u7d72\u7db2\u9801<\/a> \u6216\u4e0b\u9762\u7684\u6309\u9215\u6309\u8b9a \u300b<\/p>\n