{"id":685,"date":"2012-01-17T10:39:55","date_gmt":"2012-01-17T02:39:55","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=685"},"modified":"2012-01-17T11:19:04","modified_gmt":"2012-01-17T03:19:04","slug":"2011%e5%b9%b4%e5%9b%9e%e9%a1%a7%ef%bc%9a%e6%bc%8f%e6%b4%9e%e5%92%8c%e5%bc%b1%e9%bb%9e%e6%94%bb%e6%93%8a","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=685","title":{"rendered":"2011\u5e74\u56de\u9867\uff1a\u6f0f\u6d1e\u548c\u5f31\u9ede\u653b\u64ca(37\uff05\u4f7f\u7528\u8005\u7528\u4e0d\u5b89\u5168\u7684Java\u7248\u672c\u700f\u89bd\u7db2\u9801;56\uff05\u7684\u4f01\u696d\u4f7f\u7528\u8005\u7528\u7684\u662f\u6709\u5f31\u9ede\u7684Adobe)"},"content":{"rendered":"

 <\/p>\n

\"\"<\/p>\n

\u5728\u6700\u8fd1\u5e7e\u5e74\uff0c\u6211\u5011\u770b\u5230\u4e86\u99ed\u5ba2\u66f4\u52a0\u5c08\u6ce8\u7684\u5728\u5c0b\u627e\u5ba2\u6236\u7aef\u8edf\u9ad4\u7684\u843d\u9ede\u3002\u5230\u4e862011\u5e74\uff0c\u9019\u985e\u578b\u7684\u5a01\u8105\u5df2\u7d93\u8b8a\u5f97\u65e2\u8907\u96dc\u53c8\u7cbe\u5bc6\u4e86\u3002\u653b\u64ca\u8005\u8d8a\u4f86\u8d8a\u5927\u91cf\u7684\u4f7f\u7528\u96f6\u6642\u5dee\u5f31\u9ede\uff0c\u5176\u4e2d\u6709\u4e9b\u662f\u975e\u5e38\u56b4\u91cd\u7684\u6f0f\u6d1e\u3002\u50cf\u662fDuqu\u6240\u5229\u7528\u7684\u5f31\u9ede\uff08CVE-2011-3402<\/em>\uff09\u3001Java<\/em>\u5f31\u9ede\uff08CVE-2011-3544<\/em>\uff09\u6216Adobe\u8edf\u9ad4\u7684\u96f6\u6642\u5dee\u5f31\u9ede\uff0c\u90fd\u88ab\u5229\u7528\u4f86\u4f5c\u70ba\u5f31\u9ede\u653b\u64ca\u3002<\/p>\n

 <\/p>\n

\u6211\u5011\u5728\u4eca\u5e74\u6240\u770b\u5230\u7684\u5f31\u9ede\u653b\u64ca\u90fd\u5f88\u5177\u6709\u91dd\u5c0d\u6027\u3001\u539f\u5275\u6027\u3001\u8907\u96dc\u4e14\u63a7\u5236\u6e96\u78ba\u3002<\/p>\n

 <\/p>\n

\u800c\u6240\u6709\u7684\u8edf\u9ad4\u88e1\uff0c\u6700\u88ab\u91dd\u5c0d\u7684\u5c31\u662fAdobe Acrobat<\/em>\u3001Reader<\/em>\u548cFlash Player<\/em>\uff1bJava\u57f7\u884c\u74b0\u5883<\/em>\uff08Java Runtime Environment<\/em>\uff0cJRE<\/em>\uff09\/ Java<\/em>\u958b\u767c\u74b0\u5883<\/em>\uff08Java Development Kit<\/em>\uff0cJDK<\/em>\uff09\u9084\u6709IE\u700f\u89bd\u5668<\/em>\u3002\u6f0f\u6d1e\u5de5\u5177\u5305\u50cf\u662fBlack Hole<\/em>\u548cPhoenix<\/em>\u4e5f\u90fd\u5229\u7528\u9019\u4e9b\u8edf\u9ad4\u7684\u6f0f\u6d1e\u653b\u64ca\u78bc\u4f86\u63d0\u4f9b\u653b\u64ca\u7684\u6210\u529f\u6a5f\u7387\u3002\u6211\u5011\u4e5f\u770b\u5230\u700f\u89bd\u5668\u5ee0\u5546\u5011\u5728\u9019\u4e00\u5e74\u5167\u767c\u5e03\u591a\u6b21\u7684\u4fee\u88dc\u7a0b\u5f0f\u4f86\u4fee\u88dc\u95dc\u9375\u6f0f\u6d1e\u3002<\/p>\n

 <\/p>\n

\u653b\u64ca\u5bb9\u6613\u6210\u529f\u662f\u56e0\u70ba\u6709\u5f88\u9ad8\u6bd4\u4f8b\u7684\u4f7f\u7528\u8005\u90fd\u9084\u662f\u7528\u672a\u7d93\u4fee\u88dc\u3001\u6709\u5f31\u9ede\u7684\u8edf\u9ad4\u7248\u672c\u3002\u6839\u64da\u4e00\u4efd CSIS<\/a>\u7684\u7814\u7a76\u5831\u544a\uff0c\u670937\uff05\u7684\u4f7f\u7528\u8005\u9084\u662f\u7528\u4e0d\u5b89\u5168\u7684Java<\/em>\u7248\u672c\u4f86\u700f\u89bd\u7db2\u9801\u3002\u4e00\u4efdZscaler\u7684\u8abf\u67e5\u5831\u544a\u4e5f\u6307\u51fa56\uff05\u7684\u4f01\u696d\u4f7f\u7528\u8005\u7528\u7684\u662f\u6709\u5f31\u9ede\u7684Adobe\u7522\u54c1\u7248\u672c\u3002\u6240\u4ee5\u4f48\u7f72\u865b\u64ec\u4fee\u88dc\u6280\u8853\u4e5f\u8b8a\u6210\u5b89\u5168\u7ba1\u7406\u4eba\u54e1\u8a72\u505a\u7684\u4e8b\u60c5\uff0c\u50cf\u662f\u8da8\u52e2\u79d1\u6280\u53ef\u4fdd\u8b77\u5be6\u9ad4\u3001\u865b\u64ec\u8207\u96f2\u7aef\u4f3a\u670d\u5668\u514d\u53d7\u60e1\u610f\u653b\u64ca\u7684 Deep Security<\/a>\u6216\u662fOfficeScan<\/a>\u00a0IDF<\/em>\u5916\u639b\u7a0b\u5f0f\u3002<\/p>\n

\u00a0\u4f3a\u670d\u5668\u7684\u5b89\u5168\u6f0f\u6d1e<\/strong><\/p>\n

\u00a0\u8aaa\u5230\u9019\u88e1\uff0c\u4f3a\u670d\u5668\u4f5c\u696d\u7cfb\u7d71\u65b9\u9762\u4e5f\u662f\u4e0d\u9051\u591a\u8b93\uff0c\u6709\u8457\u76f8\u4f3c\u7684\u554f\u984c\u3002\u5e95\u4e0b\u986f\u793a\u4e86Windows Server 2008<\/em>\u548cRedhat<\/em>\u7684\u5f31\u9ede\u6578\u91cf\u3002<\/p>\n

 <\/p>\n

\"\"<\/p>\n

\u4ee5\u4e0a\u6578\u64da\u4f86\u81eaCVE Details<\/a><\/p>\n

<\/p>\n

\u7db2\u8def\u72af\u7f6a\u5206\u5b50\u9084\u6703\u5229\u7528\u7db2\u9801\u61c9\u7528\u7a0b\u5f0f\u7684\u5f31\u9ede\u3002SQL Injection\uff08\u8cc7\u6599\u96b1\u78bc\uff09\u653b\u64ca\u88ab\u7528\u4f86\u5165\u4fb5\u4e86\u6578\u4ee5\u767e\u842c\u8a08\u7684\u7db2\u9801\u3002\u5728\u5169\u8d77\u7368\u7acb\u7684\u5927\u898f\u6a21SQL Injection\u653b\u64ca\u88e1\uff0c\u60e1\u610f\u7a0b\u5f0f\u78bc\u88ab\u63d2\u5165\u5230\u6b63\u5e38\u7684\u7db2\u7ad9\u4e0a\u3002\u7b2c\u4e00\u6b21\u51fa\u73fe\u5728\u4e03\u6708\uff0c\u53d7\u5bb3\u8005\u9054\u5230800\u842c<\/a>\u500b\u7db2\u7ad9\u3002\u7b2c\u4e8c\u6b21\u767c\u751f\u5728\u5341\u6708\uff0c\u5f71\u97ff\u4e86100\u842c<\/a>\u500b\u7db2\u7ad9\u3002\u9664\u4e86\u200b\u200bSQL Injection\u653b\u64ca\u4e4b\u5916\uff0c\u5229\u7528Cross-Site Scripting\uff08\u8de8\u7ad9\u8173\u672c\uff0cXSS\uff09\u653b\u64ca\u3001Cross-Site Request Forgery\uff08\u8de8\u7ad9\u8acb\u6c42\u507d\u9020\uff0cCSRF\uff09\u3001Directory Traversal\uff08\u8de8\u76ee\u9304\u5b58\u53d6\uff09\u9084\u6709\u5176\u4ed6\u7db2\u9801\u61c9\u7528\u7a0b\u5f0f\u7684\u5f31\u9ede\uff08\u4f8b\u5982\uff1aPHP<\/em>\u3001WordPress<\/em>\u548cJoomla<\/em>\u7b49\uff09\u4e5f\u90fd\u5927\u91cf\u7684\u767c\u751f\uff0c\u800c\u4e14\u5728\u660e\u5e74\u4e5f\u6703\u7e7c\u7e8c\u51fa\u73fe\u3002<\/p>\n

 <\/p>\n

\u90e8\u5206\u503c\u5f97\u4e00\u63d0\u76842011\u5e74\u5f31\u9ede\uff1a<\/p>\n

 <\/p>\n

CVE-2011-0609<\/a> Adobe Flash Player\u7684SWF\u6a94\u6848\u9060\u7aef\u8a18\u61b6\u9ad4\u640d\u6bc0\u5f31\u9ede<\/p>\n

CVE-2011-3402<\/a> Win32\u6838\u5fc3\u7684True Type\u5b57\u9ad4\u5206\u6790\u5f31\u9ede<\/p>\n

CVE-2011-3544<\/a> Oracle Java SE Rhino\u8173\u672c\u5f15\u64ce\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c\u5f31\u9ede<\/p>\n

CVE-2011-2462<\/a> Adobe Acrobat\u548cReader U3D\u8a18\u61b6\u9ad4\u640d\u6bc0\u5f31\u9ede<\/p>\n

CVE-2011-0611<\/a> Adobe Flash Player\u7684SWF\u6a94\u6848\u9060\u7aef\u8a18\u61b6\u9ad4\u640d\u6bc0\u5f31\u9ede<\/p>\n

CVE-2011-3192<\/a> Apache httpd\u7684\u9060\u7aef\u963b\u65b7\u5f0f\u653b\u64ca<\/p>\n

 <\/p>\n

\u4f7f\u7528\u8005\u53ef\u4ee5\u600e\u9ebc\u505a\uff1f<\/em><\/strong><\/p>\n

 <\/p>\n

\u70ba\u4e86\u9632\u6b62\u4e0a\u8ff0\u9019\u4e9b\u5f31\u9ede\u653b\u64ca\uff0c\u826f\u597d\u7684\u4fee\u88dc\u7ba1\u7406\u63aa\u65bd\u662f\u5fc5\u8981\u7684\u3002\u70ba\u4e86\u6e1b\u8f15\u4fee\u88dc\u9031\u671f\u9593\u7684\u640d\u5bb3\uff0c\u4e5f\u5fc5\u9808\u8981\u6709\u865b\u64ec\u4fee\u88dc\u89e3\u6c7a\u65b9\u6848\u4f86\u914d\u5408\u3002<\/p>\n

 <\/p>\n

\u6211\u5011\u57282011\u5e74\u6240\u770b\u5230\u7684\u9019\u4e9b\u8da8\u52e2\u57282012\u5e74\u4e5f\u6703\u7e7c\u7e8c\u4e0b\u53bb\u3002\u653b\u64ca\u624b\u6cd5\u6703\u8b8a\u5f97\u66f4\u52a0\u8907\u96dc\u3002\u5c0d\u9019\u4e9b\u5a01\u8105\u7684\u9632\u79a6\u4e5f\u5c31\u5fc5\u9808\u8ddf\u8457\u9032\u5316\u548c\u8abf\u6574\uff0c\u624d\u80fd\u57282012\u5e74\u7e7c\u7e8c\u4fdd\u6236\u4f7f\u7528\u8005\u3002<\/p>\n

 <\/p>\n

\uff20\u539f\u6587\u51fa\u8655\uff1a2011 in Review: Exploits and Vulnerabilities<\/a>\u4f5c\u8005\uff1aPawan Kinger\uff08\u5f31\u9ede\u7814\u7a76\u7d93\u7406\uff09<\/a><\/p>\n

 <\/p>\n

@\u5ef6\u4f38\u95b1\u8b80<\/p>\n

2011 \u56de\u9867:\u624b\u6a5f\u75c5\u6bd2\/\u884c\u52d5\u5a01\u8105<\/a><\/span><\/p>\n

\u8da8\u52e2\u79d1\u6280\u767c\u88682012\u8cc7\u5b89\u95dc\u9375\u5341\u4e8c\u5927\u9810\u6e2c<\/a><\/span><\/p>\n

2011 \u91d1\u6bd2\u734e\u3010\u5f97\u734e\u540d\u55ae\u3011\u8207\u3010\u5f97\u734e\u7406\u7531\u3011<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

  \u5728\u6700\u8fd1\u5e7e\u5e74\uff0c\u6211\u5011\u770b\u5230\u4e86\u99ed\u5ba2\u66f4\u52a0\u5c08\u6ce8\u7684\u5728\u5c0b\u627e\u5ba2\u6236\u7aef\u8edf\u9ad4\u7684\u843d\u9ede\u3002\u5230\u4e862011\u5e74\uff0c\u9019\u985e\u578b\u7684\u5a01\u8105\u5df2\u7d93\u8b8a\u5f97 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[195,156],"tags":[220,221,2292,25],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/685"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=685"}],"version-history":[{"count":0,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/685\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=685"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=685"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=685"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}