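As of June 15, 2018, the NSFOCUS vulnerability database contained a total of 40102 entries. This week 64 new vulnerability records were added: 63 high-severity, 1 medium-severity, and 0 low-severity. This week's focus vulnerability is the Adobe Flash Player remote code execution vulnerability. A type confusion vulnerability exists in Adobe Flash Player 29.0.0.171 and earlier; successful exploitation allows an attacker to execute arbitrary code.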
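1. Internet Security Threat Landscape
1.1 CVE Statistics
The total number of CVE announcements over the past week shows no significant fluctuation compared with previous periods.
1.2 Threat Information Review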
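- Title: AcFun user data leak
Date: 2018-06-14
Summary: The danmaku (bullet-comment) video site AcFun (A站) recently issued an official statement saying that its website had been attacked by hackers and that ten million user records were leaked, including usernames/IDs and passwords. The leaked user information has been publicly offered for sale on the dark web, alongside user information from other businesses. The attacker stated on a forum that they are also a loyal AcFun user and only wanted to prompt AcFun to patch its vulnerabilities in time, and that after achieving this goal they deleted the data they had obtained.
Link: http://toutiao.secjia.com/article/page?topid=110338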
- Title: New ‘Lazy FP State Restore’ Vulnerability Found in All Modern Intel CPUs
Date: 2018-06-13
Summary: Hell Yeah! Another security vulnerability has been discovered in Intel chips that affects the processor’s speculative execution technology—like Specter and Meltdown—and could potentially be exploited to access sensitive information, including encryption related data.
Link: https://thehackernews.com/2018/06/intel-processor-vulnerability.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29
- Title: Dixons Carphone breach: Millions of card and user data compromised
Date: 2018-06-13
Summary: A prominent United Kingdom-based retailer has suffered a massive data breach in which personal and financial data of millions of customers have been compromised.
Link: https://www.hackread.com/dixons-carphone-breach-card-user-data-compromised/
- Title: Amazon Fire TV & Fire TV Stick hit by crypto mining Android malware
Date: 2018-06-12
Summary: A traditional malware aims at stealing user data or keep an eye on victim’s online activities whereas depending on its capabilities a crypto mining malware not only steals data but also uses computing power (CPU) of victim’s PC to mine cryptocurrency and slow down its performance.
Link: https://www.hackread.com/amazon-fire-tv-fire-tv-stick-crypto-mining-android-malware/
- Title: Signature Validation Bug Let Malware Bypass Several Mac Security Products
Date: 2018-06-12
Summary: A years-old vulnerability has been discovered in the way several security products for Mac implement Apple’s code-signing API that could make it easier for malicious programs to bypass the security check, potentially leaving millions of Apple users vulnerable to hackers.
Link: https://thehackernews.com/2018/06/apple-mac-code-signing.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29
- Title: US debuts world’s fastest supercomputer
Date: 2018-06-11
Summary: China’s Sunway TaihuLight supercomputer, until now the world’s most powerful machine, has a processing power of 93 petaflops.
Link: https://www.bbc.com/news/technology-44439515
(Data source: collected and compiled by the NSFOCUS Threat Intelligence and Network Security Lab)
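2. Vulnerability Research
2.1 Vulnerability Database Statistics
As of June 15, 2018, the NSFOCUS vulnerability database contained a total of 40102 entries. This week 64 new vulnerability records were added: 63 high-severity, 1 medium-severity, and 0 low-severity.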
- Adobe Flash Player out-of-bounds read vulnerability (CVE-2018-5001)
Severity: High
BID: 104413
CVE ID: CVE-2018-5001
- Adobe Flash Player integer overflow vulnerability (CVE-2018-5000)
Severity: High
BID: 104413
CVE ID: CVE-2018-5000
- Adobe Flash Player type confusion vulnerability (CVE-2018-4945)
Severity: High
BID: 104413
CVE ID: CVE-2018-4945
- Adobe Flash Player stack buffer overflow vulnerability (CVE-2018-5002)
Severity: High
BID: 104412
CVE ID: CVE-2018-5002
- Cisco Meeting Server information disclosure vulnerability (CVE-2018-0263)
Severity: High
BID: 104419
CVE ID: CVE-2018-0263
- Multiple Cisco products denial-of-service vulnerability (CVE-2017-6779)
Severity: High
CVE ID: CVE-2017-6779
- Cisco AppDynamics App iQ Platform SQL injection vulnerability (CVE-2018-0225)
Severity: Medium
CVE ID: CVE-2018-0225
- Cisco IP Phone 6800/7800/8800 Series with Multiplatform Firmware denial-of-service vulnerability (CVE-2018-0316)
Severity: High
CVE ID: CVE-2018-0316
- Cisco IOS XE Software remote code execution vulnerability (CVE-2018-0315)
Severity: High
BID: 104410
CVE ID: CVE-2018-0315
- Cisco Adaptive Security Appliance denial-of-service vulnerability (CVE-2018-0296)
Severity: High
CVE ID: CVE-2018-0296
- Cisco Network Services Orchestrator arbitrary command execution vulnerability (CVE-2018-0274)
Severity: High
CVE ID: CVE-2018-0274
- Cisco Prime Collaboration Provisioning access restriction bypass vulnerability (CVE-2018-0317)
Severity: High
BID: 104432
CVE ID: CVE-2018-0317
- Cisco Prime Collaboration Provisioning security restriction bypass vulnerability (CVE-2018-0318)
Severity: High
BID: 104434
CVE ID: CVE-2018-0318
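- Microsoft Edge remote memory corruption vulnerability (CVE-2018-8110)
Severity: High
BID: 104330
CVE ID: CVE-2018-8110
- Cisco Prime Collaboration Provisioning security restriction bypass vulnerability (CVE-2018-0319)
Severity: High
BID: 104431
CVE ID: CVE-2018-0319
- Microsoft Edge remote memory corruption vulnerability (CVE-2018-8111)
Severity: High
BID: 104335
CVE ID: CVE-2018-8111
- Microsoft Edge remote information disclosure vulnerability (CVE-2018-0871)
Severity: High
BID: 104339
CVE ID: CVE-2018-0871
- Microsoft Edge remote memory corruption vulnerability (CVE-2018-8236)
Severity: High
BID: 104336
CVE ID: CVE-2018-8236
- Microsoft Edge remote information disclosure vulnerability (CVE-2018-8234)
Severity: High
BID: 104340
CVE ID: CVE-2018-8234
- Microsoft Edge security restriction bypass vulnerability (CVE-2018-8235)
Severity: High
BID: 104343
CVE ID: CVE-2018-8235
- Microsoft Internet Explorer scripting engine remote memory corruption vulnerability (CVE-2018-8267)
Severity: High
BID: 104404
CVE ID: CVE-2018-8267
- Microsoft Windows DNSAPI remote code execution vulnerability (CVE-2018-8225)
Severity: High
BID: 104395
CVE ID: CVE-2018-8225
- Microsoft Windows arbitrary code execution vulnerability (CVE-2018-8213)
Severity: High
BID: 104406
CVE ID: CVE-2018-8213
- Microsoft Internet Explorer remote memory corruption vulnerability (CVE-2018-8249)
Severity: High
BID: 104363
CVE ID: CVE-2018-8249
- Microsoft Chakra scripting engine remote memory corruption vulnerability (CVE-2018-8243)
Severity: High
BID: 104403
CVE ID: CVE-2018-8243
- Microsoft Windows ‘HTTP.sys’ remote code execution vulnerability (CVE-2018-8231)
Severity: High
BID: 104373
CVE ID: CVE-2018-8231
- Microsoft Chakra scripting engine remote memory corruption vulnerability (CVE-2018-8229)
Severity: High
BID: 104369
CVE ID: CVE-2018-8229
- Microsoft Windows Media Foundation memory corruption vulnerability (CVE-2018-8251)
Severity: High
BID: 104398
CVE ID: CVE-2018-8251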
- Microsoft Windows Kernel local privilege escalation vulnerability (CVE-2018-0982)
Severity: High
BID: 104382
CVE ID: CVE-2018-0982
- Microsoft Windows WebDAV denial-of-service vulnerability (CVE-2018-8175)
Severity: High
BID: 104359
CVE ID: CVE-2018-8175
- Microsoft Windows HIDParser local privilege escalation vulnerability (CVE-2018-8169)
Severity: High
BID: 104356
CVE ID: CVE-2018-8169
- Microsoft Windows Cortana local privilege escalation vulnerability (CVE-2018-8140)
Severity: High
BID: 104354
CVE ID: CVE-2018-8140
- Microsoft Windows Kernel local information disclosure vulnerability (CVE-2018-8121)
Severity: High
BID: 104380
CVE ID: CVE-2018-8121
- Microsoft Internet Explorer security restriction bypass vulnerability (CVE-2018-8113)
Severity: High
BID: 104365
CVE ID: CVE-2018-8113
- Microsoft Windows Code Integrity Module denial-of-service vulnerability (CVE-2018-1040)
Severity: High
BID: 104389
CVE ID: CVE-2018-1040
- Microsoft Windows NTFS local privilege escalation vulnerability (CVE-2018-1036)
Severity: High
BID: 104360
CVE ID: CVE-2018-1036
- Microsoft Windows Desktop Bridge local privilege escalation vulnerability (CVE-2018-8208)
Severity: High
BID: 104392
CVE ID: CVE-2018-8208
- Microsoft Windows Device Guard local security restriction bypass vulnerability (CVE-2018-8201)
Severity: High
BID: 104331
CVE ID: CVE-2018-8201
- Microsoft Windows Kernel local information disclosure vulnerability (CVE-2018-8207)
Severity: High
BID: 104379
CVE ID: CVE-2018-8207
- Microsoft Windows local denial-of-service vulnerability (CVE-2018-8205)
Severity: High
BID: 104391
CVE ID: CVE-2018-8205
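- Microsoft Windows Wireless Network Profile local information disclosure vulnerability (CVE-2018-8209)
Severity: High
BID: 104393
CVE ID: CVE-2018-8209
- Microsoft Windows Device Guard local security restriction bypass vulnerability (CVE-2018-8221)
Severity: High
BID: 104338
CVE ID: CVE-2018-8221
- Microsoft Windows Device Guard local security restriction bypass vulnerability (CVE-2018-8217)
Severity: High
BID: 104337
CVE ID: CVE-2018-8217
- Microsoft Windows Device Guard local security restriction bypass vulnerability (CVE-2018-8216)
Severity: High
BID: 104334
CVE ID: CVE-2018-8216
- Microsoft Windows Device Guard local security restriction bypass vulnerability (CVE-2018-8215)
Severity: High
BID: 104333
CVE ID: CVE-2018-8215
- Microsoft Windows Device Guard local security restriction bypass vulnerability (CVE-2018-8212)
Severity: High
BID: 104328
CVE ID: CVE-2018-8212
- Microsoft Windows Device Guard local security restriction bypass vulnerability (CVE-2018-8211)
Severity: High
BID: 104326
CVE ID: CVE-2018-8211
- Microsoft Windows remote code execution vulnerability (CVE-2018-8210)
Severity: High
BID: 104407
CVE ID: CVE-2018-8210
- Microsoft Windows GDI component information disclosure vulnerability (CVE-2018-8239)
Severity: High
BID: 104401
CVE ID: CVE-2018-8239
- Microsoft Office remote privilege escalation vulnerability (CVE-2018-8245)
Severity: High
BID: 104405
CVE ID: CVE-2018-8245
- Microsoft Outlook remote privilege escalation vulnerability (CVE-2018-8244)
Severity: High
BID: 104323
CVE ID: CVE-2018-8244
- Microsoft Office remote privilege escalation vulnerability (CVE-2018-8247)
Severity: High
BID: 104319
CVE ID: CVE-2018-8247
- Windows Desktop Bridge local privilege escalation vulnerability (CVE-2018-8214)
Severity: High
BID: 104394
CVE ID: CVE-2018-8214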
- Microsoft Excel information disclosure vulnerability (CVE-2018-8246)
Severity: High
BID: 104322
CVE ID: CVE-2018-8246
- Microsoft Excel remote code execution vulnerability (CVE-2018-8248)
Severity: High
BID: 104318
CVE ID: CVE-2018-8248
- Microsoft SharePoint Server remote privilege escalation vulnerability (CVE-2018-8252)
Severity: High
BID: 104317
CVE ID: CVE-2018-8252
- Microsoft SharePoint Server remote privilege escalation vulnerability (CVE-2018-8254)
Severity: High
BID: 104325
CVE ID: CVE-2018-8254
- Microsoft Windows Hyper-V Code Integrity privilege escalation vulnerability (CVE-2018-8219)
Severity: High
BID: 104353
CVE ID: CVE-2018-8219
- Microsoft Chakra scripting engine remote memory corruption vulnerability (CVE-2018-8227)
Severity: High
BID: 104368
CVE ID: CVE-2018-8227
- Microsoft Internet Explorer remote memory corruption vulnerability (CVE-2018-0978)
Severity: High
BID: 104364
CVE ID: CVE-2018-0978
- Microsoft Windows Hyper-V remote denial-of-service vulnerability (CVE-2018-8218)
Severity: High
BID: 104402
CVE ID: CVE-2018-8218
- Microsoft Windows Kernel local privilege escalation vulnerability (CVE-2018-8224)
Severity: High
BID: 104381
CVE ID: CVE-2018-8224
- Microsoft Windows ‘HTTP.sys’ remote denial-of-service vulnerability (CVE-2018-8226)
Severity: High
BID: 104361
CVE ID: CVE-2018-8226
- Microsoft Windows Kernel ‘Win32k.sys’ local privilege escalation vulnerability (CVE-2018-8233)
Severity: High
BID: 104383
CVE ID: CVE-2018-8233
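(Data source: NSFOCUS Security Research Department & Product Rules Team)
2.2 Focus Vulnerability
- Adobe Flash Player remote code execution vulnerability
NSFOCUS ID: 40042
CVE ID: CVE-2018-5002
- Affected versions
Adobe Flash Player <= 29.0.0.171
- Vulnerability commentary
Flash Player is a multimedia player from Adobe. A type confusion vulnerability exists in Adobe Flash Player 29.0.0.171 and earlier; successful exploitation allows an attacker to execute arbitrary code. Attacks targeting this vulnerability have already appeared. Adobe has released a security bulletin (APSB18-19) and the corresponding patch; users should download and apply the update promptly.
(Data source: NSFOCUS Security Research Department & Product Rules Team)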