CVE-2005-2628
CVSS 5.1
Published: 2005-11-05 06:02:00
Last revised: 2011-03-07 21:24:47

[Original] Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.


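[CNNVD] Macromedia Flash Player Array Index Memory Access Vulnerability (MS06-020) (CNNVD-200511-129)

Macromedia Flash Player is a very popular Flash player. A vulnerability exists in the Flash.ocx code that Macromedia Flash Player uses to play SWF files; an attacker who successfully exploits it can execute arbitrary code remotely.

One function maintains a 256-element table of function pointers on the stack and uses the frame type identifier read from the SWF file as an array index without enforcing the array bounds. The following disassembly shows the affected code:

    .text:1002714F mov eax, [esi+0CA4h] ; type number
    .text:10027155 mov ecx, [esi+94h] ; base of table
    .text:1002715B lea eax, [ecx+eax*8] ; get element address
    .text:1002715E mov ecx, [eax] ;

Although the index is not validated, its value is restricted elsewhere to at most 0x8000, so an attacker can cause a function pointer to be retrieved from memory up to roughly 64K after the base of the table on the stack. This range usually contains heap memory, so the attacker can easily control the value of the function pointer.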
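The unchecked table lookup described above, next to a bounds-checked form, as an added C example that is not Macromedia's code and not part of the original record. The record layout (2-byte type, 2-byte length), the handler and field names, and the sample bytes are constructed assumptions; only the 256-entry table and the use of a file-supplied type as the index come from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_ENTRIES 256u            /* table size given in the advisory */
enum { ERR_TRUNCATED = -1, ERR_TYPE_RANGE = -2, ERR_NO_HANDLER = -3 };

/* Hypothetical two-field entry (handler plus context); names are assumptions. */
typedef int (*frame_handler)(const uint8_t *body, size_t len);
struct entry  { frame_handler fn; void *ctx; };
struct player { struct entry table[TABLE_ENTRIES]; };

/* Before: the pattern in the disassembly. The file-supplied type indexes the
 * table directly, so any value >= 256 reads a pointer from beyond the table. */
frame_handler lookup_unchecked(const struct player *p, uint32_t type) {
    return p->table[type].fn;
}

/* After: the index is validated against the table size before any read. */
frame_handler lookup_checked(const struct player *p, uint32_t type) {
    return type < TABLE_ENTRIES ? p->table[type].fn : NULL;
}

static int on_frame(const uint8_t *body, size_t len) { (void)body; (void)len; return 0; }

void player_init(struct player *p) {
    for (size_t i = 0; i < TABLE_ENTRIES; i++) {
        p->table[i].fn = NULL;
        p->table[i].ctx = NULL;
    }
    p->table[0x01].fn = on_frame;     /* constructed: only two types handled */
    p->table[0xFF].fn = on_frame;
}

/* Walk constructed records: u16 type, u16 body length (little endian), body.
 * Returns the number of records dispatched, or a negative ERR_* code. */
int play(const struct player *p, const uint8_t *buf, size_t len) {
    size_t off = 0;
    int handled = 0;
    while (off < len) {
        if (len - off < 4) return ERR_TRUNCATED;
        uint32_t type = (uint32_t)buf[off] | ((uint32_t)buf[off + 1] << 8);
        size_t blen = (size_t)buf[off + 2] | ((size_t)buf[off + 3] << 8);
        off += 4;
        if (blen > len - off) return ERR_TRUNCATED;
        if (type >= TABLE_ENTRIES) return ERR_TYPE_RANGE;  /* reject before lookup */
        frame_handler fn = lookup_checked(p, type);
        if (fn == NULL) return ERR_NO_HANDLER;             /* empty slot, never call */
        fn(buf + off, blen);
        off += blen;
        handled++;
    }
    return handled;
}

/* Constructed sample streams. */
const uint8_t SAMPLE_OK[]  = {0x01, 0x00, 0x02, 0x00, 0xAA, 0xBB, 0xFF, 0x00, 0x00, 0x00};
const uint8_t SAMPLE_OOB[] = {0x00, 0x80, 0x00, 0x00};   /* type 0x8000 */

int main(void) {
    struct player p;
    player_init(&p);
    printf("ok=%d oob=%d\n", play(&p, SAMPLE_OK, sizeof SAMPLE_OK),
           play(&p, SAMPLE_OOB, sizeof SAMPLE_OOB));
    return 0;
}
```

The parser rejects the whole stream on the first out-of-range type rather than skipping the record, so a malformed file never reaches a handler call.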
        

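- CVSS (base score)

CVSS score: 5.1 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: HIGH [exploitation requires specific access conditions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]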

- CPE (affected platforms and products)

cpe:/a:macromedia:flash_player:7.0_r19 (Macromedia Flash 7.0 r19)
cpe:/a:macromedia:flash_player:6.0.65.0 (Macromedia Flash 6.0.65.0)
cpe:/a:macromedia:flash_player:7.0.19.0 (Macromedia Flash 7.0.19.0)
cpe:/a:macromedia:flash_player:6.0 (Macromedia Flash 6.0)
cpe:/a:macromedia:flash_player:6.0.40.0 (Macromedia Flash 6.0.40.0)
cpe:/a:macromedia:flash_player:6.0.79.0 (Macromedia Flash 6.0.79.0)
cpe:/a:macromedia:flash_player:6.0.29.0 (Macromedia Flash 6.0.29.0)
cpe:/a:macromedia:flash_player:6.0.47.0 (Macromedia Flash 6.0.47.0)

- OVAL (technical details for detection)

oval:org.mitre.oval:def:1987 Remote Code Execution Vulnerability in Flash Player 6&7 (XP,SP1)
oval:org.mitre.oval:def:1557 Remote Code Execution Vulnerability in Flash Player 6&7 (XP,SP2)
*OVAL describes in detail how to detect this vulnerability; the related OVAL definitions contain further technical details on detection.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2628
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2628
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200511-129
(official data source) CNNVD

- Other links and resources

http://www.us-cert.gov/cas/techalerts/TA06-132A.html
(UNKNOWN)  CERT  TA06-132A
http://www.us-cert.gov/cas/techalerts/TA06-129A.html
(UNKNOWN)  CERT  TA06-129A
http://www.kb.cert.org/vuls/id/146284
(UNKNOWN)  CERT-VN  VU#146284
http://www.securityfocus.com/bid/15332
(PATCH)  BID  15332
http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html
(VENDOR_ADVISORY)  CONFIRM  http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html
http://www.vupen.com/english/advisories/2006/1779
(UNKNOWN)  VUPEN  ADV-2006-1779
http://www.vupen.com/english/advisories/2006/1744
(UNKNOWN)  VUPEN  ADV-2006-1744
http://www.vupen.com/english/advisories/2005/2317
(UNKNOWN)  VUPEN  ADV-2005-2317
http://www.osvdb.org/18825
(UNKNOWN)  OSVDB  18825
http://xforce.iss.net/xforce/xfdb/22959
(UNKNOWN)  XF  flashplayer-swf-execute-code(22959)
http://www.securityfocus.com/bid/17951
(UNKNOWN)  BID  17951
http://www.securityfocus.com/archive/1/archive/1/415789/30/0/threaded
(UNKNOWN)  BUGTRAQ  20051105 [EEYEB-20050627B] Macromedia Flash Player Improper Memory Access Vulnerability
http://www.redhat.com/support/errata/RHSA-2005-835.html
(UNKNOWN)  REDHAT  RHSA-2005:835
http://www.novell.com/linux/security/advisories/2005_27_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2005:027
http://www.microsoft.com/technet/security/bulletin/ms06-020.mspx
(UNKNOWN)  MS  MS06-020
http://www.gentoo.org/security/en/glsa/glsa-200511-21.xml
(UNKNOWN)  GENTOO  GLSA-200511-21
http://securitytracker.com/id?1015156
(UNKNOWN)  SECTRACK  1015156
http://secunia.com/advisories/20077
(UNKNOWN)  SECUNIA  20077
http://secunia.com/advisories/20045
(UNKNOWN)  SECUNIA  20045
http://secunia.com/advisories/17738
(UNKNOWN)  SECUNIA  17738
http://secunia.com/advisories/17626/
(UNKNOWN)  SECUNIA  17626
http://secunia.com/advisories/17481
(UNKNOWN)  SECUNIA  17481
http://secunia.com/advisories/17437/
(UNKNOWN)  SECUNIA  17437
http://secunia.com/advisories/17430
(UNKNOWN)  SECUNIA  17430
http://lists.apple.com/archives/security-announce/2006/May/msg00003.html
(UNKNOWN)  APPLE  APPLE-SA-2006-05-11

- Vulnerability information

Macromedia Flash Player Array Index Memory Access Vulnerability (MS06-020)
Medium risk  Input validation
2005-11-05 00:00:00 2005-11-15 00:00:00
Remote

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's website:
        http://www.macromedia.com/go/getflash
        http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=d9c2fe33
        http://www.auscert.org.au/render.html?it=5722

- Vulnerability information (F46386)

Technical Cyber Security Alert 2006-129A (PacketStormID:F46386)
2006-05-21 00:00:00
US-CERT  cert.org
advisory,remote,denial of service,arbitrary,vulnerability
windows
CVE-2006-0027,CVE-2006-0024,CVE-2005-2628

Technical Cyber Security Alert TA06-129A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows and Exchange Server. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.




                        National Cyber Alert System

                Technical Cyber Security Alert TA06-129A


Microsoft Windows and Exchange Server Vulnerabilities

   Original release date: May 9, 2006
   Last revised: --
   Source: US-CERT


Systems Affected

     * Microsoft Windows
     * Microsoft Exchange Server

   For more complete information, refer to the Microsoft Security
   Bulletin Summary for May 2006.


Overview

   Microsoft has released updates that address critical vulnerabilities
   in Microsoft Windows and Exchange Server. Exploitation of these
   vulnerabilities could allow a remote, unauthenticated attacker to
   execute arbitrary code or cause a denial of service on a vulnerable
   system.


I. Description

   Microsoft Security Bulletin Summary for May 2006 addresses
   vulnerabilities in Microsoft Windows and Exchange Server. Further
   information is available in the following US-CERT Vulnerability Notes:


   VU#303452 - Microsoft Exchange fails to properly handle vCal and iCal
   properties 

   Microsoft Exchange Server does not properly handle the vCal and iCal
   properties of email messages. Exploitation of this vulnerability may
   allow a remote, unauthenticated attacker to execute arbitrary code on
   an Exchange Server.
   (CVE-2006-0027)


   VU#945060 - Adobe Flash products contain multiple vulnerabilities 

   Several vulnerabilities in Adobe Macromedia Flash products may allow a
   remote attacker to execute code on a vulnerable system.
   (CVE-2006-0024)


   VU#146284 - Macromedia Flash Player fails to properly validate the
   frame type identifier read from a "SWF" file 

   A buffer overflow vulnerability in some versions of the Macromedia
   Flash Player may allow a remote attacker to execute code on a
   vulnerable system.
   (CVE-2005-2628)


II. Impact

   A remote, unauthenticated attacker could execute arbitrary code on a
   vulnerable system. An attacker may also be able to cause a denial of
   service.


III. Solution

Apply Updates

   Microsoft has provided updates for these vulnerabilities in the
   Security Bulletins. Microsoft Windows updates are available on the
   Microsoft Update site.

Workarounds

   Please see the US-CERT Vulnerability Notes for workarounds.


Appendix A. References

     * Microsoft Security Bulletin Summary for May 2006 -
       <http://www.microsoft.com/technet/security/bulletin/ms06-may.mspx>

     * Technical Cyber Security Alert TA06-075A -
       <http://www.us-cert.gov/cas/techalerts/TA06-075A.html>

     * US-CERT Vulnerability Note VU#303452 -
       <http://www.kb.cert.org/vuls/id/303452>

     * US-CERT Vulnerability Note VU#945060 -
       <http://www.kb.cert.org/vuls/id/945060>

     * US-CERT Vulnerability Note VU#146284 -
       <http://www.kb.cert.org/vuls/id/146284>

     * CVE-2006-0027 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0027>

     * CVE-2006-0024 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0024>

     * CVE-2005-2628 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2628>

     * Microsoft Update - <https://update.microsoft.com/microsoftupdate>


 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA06-129A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@cert.org> with "TA06-129A Feedback VU#303452" in the
   subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2006 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________


Revision History

   May 9, 2006: Initial release


    
    

    

- Vulnerability information (F41301)

EEYEB-20050627B.txt (PacketStormID:F41301)
2005-11-05 00:00:00
Fang Xing  eeye.com
advisory,arbitrary
CVE-2005-2628

eEye Security Advisory - eEye Digital Security has discovered a vulnerability in Macromedia Flash Player versions 6 and 7 that will allow an attacker to run arbitrary code in the context of the logged in user. An array boundary condition may be violated by a malicious SWF file in order to redirect execution into attacker-supplied data.

Macromedia Flash Player Improper Memory Access Vulnerability

Release Date:
November 4, 2005

Date Reported:
June 27, 2005

Severity:
High 

Vendor:
Macromedia

Systems Affected:
Macromedia Flash 6 (on all Windows platforms) 
Macromedia Flash 7 (on all Windows platforms)

Overview:
eEye Digital Security has discovered a vulnerability in Macromedia Flash
Player versions 6 and 7 that will allow an attacker to run arbitrary
code in the context of the logged in user.  An array boundary condition
may be violated by a malicious SWF file in order to redirect execution
into attacker-supplied data.

Technical Details:
The vulnerable code exists in Flash.ocx, which embodies the code
responsible for playing back SWF files.  One function maintains a large,
256-element table of function pointers on the stack, and uses a frame
type identifier read from the SWF file as an index into the array,
without enforcing the array boundaries.  The following disassembly
depicts the affected code:

    .text:1002714F    mov     eax, [esi+0CA4h]    ; type number
    .text:10027155    mov     ecx, [esi+94h]      ; base of table
    .text:1002715B    lea     eax, [ecx+eax*8]    ; get element address
    .text:1002715E    mov     ecx, [eax]          ; 

Although the index is not validated, its value is elsewhere restricted
to be at most 0x8000, so the attacker can cause a function pointer to be
retrieved from memory up to roughly 64KB after the base of the table on
the stack.  Typically this range will include heap memory, so by
planting specific data on the heap, the attacker can very easily control
the exact value of the function pointer.  Reliable exploitation using
this technique within Internet Explorer has been demonstrated by eEye
Digital Security.

Protection:
Retina Network Security Scanner has been updated to identify this
vulnerability.
Blink - Endpoint Vulnerability Prevention - protects from this
vulnerability.

Vendor Status:
Macromedia has addressed this issue in the following security bulletin;
http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html

This vulnerability has been assigned the CVE identifier CAN-2005-2628
and OSVDB ID 18825.

Greetings:
Thanks to Derek and the eEye guys for helping me write this advisory.
Greetings to the xfocus guys and venustech lab guys.

Credit:
Fang Xing

Copyright (c) 1998-2005 eEye Digital Security Permission is hereby
granted for the redistribution of this alert electronically. It is not
to be edited in any way without express consent of eEye. If you wish to
reprint the whole or any part of this alert in any other medium
excluding electronic medium, please email alert@eEye.com for permission.

Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are no warranties, implied or express, with regard to this information.
In no event shall the author be liable for any direct or indirect
damages whatsoever arising out of or in connection with the use or
spread of this information. Any use of this information is at the user's
own risk.
    

- Vulnerability information

18825
Macromedia Flash Player Flash.ocx Unspecified Function Arbitrary Code Execution
Remote / Network Access Input Manipulation
Loss of Integrity
Vendor Verified

- Vulnerability description

Flash.ocx, part of Macromedia Flash Player, fails to perform proper validation of the frame type identifier from SWF files. The frame type identifier is used as an index into an array of function pointers. With a specially crafted SWF file, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity.

- Timeline

2005-11-03 Unknown
Unknown 2005-11-02

- Solution

Upgrade to Flash Player 8 (8.0.22.0) or Flash Player 7 update 7.0.60.0 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

Macromedia Flash Array Index Memory Access Vulnerability
Input Validation Error 15332
Yes No
2005-11-05 12:00:00 2006-11-20 07:55:00
Discovered by Fang Xing of eEye.

- Affected program versions

S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
Netscape Browser 8.0.4
Netscape Browser 8.0.3 .3
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Tablet PC Edition SP1
Microsoft Windows XP Tablet PC Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Home SP2
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP 64-bit Edition Version 2003 SP1
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows XP 64-bit Edition
Microsoft Windows XP 0
Microsoft Windows ME
Microsoft Windows 98SE
Microsoft Windows 98
Macromedia Flash 7.0.19 .0
Macromedia Flash 7.0 r19
Macromedia Flash 6.0.79 .0
Macromedia Flash 6.0.65 .0
Macromedia Flash 6.0.47 .0
Macromedia Flash 6.0.40 .0
Macromedia Flash 6.0.29 .0
Macromedia Flash 6.0
+ Microsoft Internet Explorer 5.0.1 SP2
+ Microsoft Internet Explorer 5.0.1 SP1
+ Microsoft Internet Explorer 5.0.1
+ Microsoft Internet Explorer 6.0
+ Microsoft Internet Explorer 5.5 SP2
+ Microsoft Internet Explorer 5.5 SP1
+ Microsoft Internet Explorer 5.5 preview
+ Microsoft Internet Explorer 5.5
+ Microsoft Internet Explorer 5.0
+ Microsoft Windows XP Embedded SP3
+ Microsoft Windows XP Embedded SP2
+ Microsoft Windows XP Home SP3
+ Microsoft Windows XP Home SP2
+ Microsoft Windows XP Media Center Edition SP3
+ Microsoft Windows XP Media Center Edition SP2
+ Microsoft Windows XP Professional SP3
+ Microsoft Windows XP Professional SP2
+ Microsoft Windows XP Professional x64 Edition SP2
+ Microsoft Windows XP Tablet PC Edition SP3
+ Microsoft Windows XP Tablet PC Edition SP2
+ Netscape Communicator 6.1
+ Netscape Communicator 4.78
+ Netscape Communicator 4.77
+ Netscape Communicator 4.76
+ Netscape Communicator 4.75
+ Netscape Communicator 4.74
+ Netscape Communicator 4.73
+ Netscape Communicator 4.72
+ Netscape Communicator 4.61
+ Netscape Communicator 4.51
+ Netscape Communicator 4.7
+ Netscape Communicator 4.6
+ RedHat netscape-common-4.76-11.i386.rpm
+ RedHat netscape-common-4.78-2.i386.rpm
+ RedHat netscape-common-4.79-1.i386.rpm
+ RedHat netscape-communicator-4.76-11.i386.rpm
+ RedHat netscape-communicator-4.78-2.i386.rpm
+ RedHat netscape-communicator-4.79-1.i386.rpm
+ RedHat netscape-navigator-4.76-11.i386.rpm
+ RedHat netscape-navigator-4.78-2.i386.rpm
+ RedHat netscape-navigator-4.79-1.i386.rpm
Gentoo Linux
Netscape Browser 8.1
Macromedia Flash 8.0.22 .0
Macromedia Flash 7.0.61 .0
Macromedia Flash 7.0.60 .0

- Unaffected program versions

Netscape Browser 8.1
Macromedia Flash 8.0.22 .0
Macromedia Flash 7.0.61 .0
Macromedia Flash 7.0.60 .0

- Vulnerability discussion

The Flash plug-in is vulnerable to an input-validation error that can be reliably exploited to execute arbitrary code. The vulnerability is due to an input-validation error for a critical array index value.

An attacker can exploit this vulnerability to execute arbitrary code. The most likely vector of attack is through a malicious SWF file designed to trigger the vulnerability that has been placed on a website.

Macromedia Flash 6 and 7 are reported affected.

- Exploit

eEye claims to have developed reliable exploit code.

- Solution

The vendor has released an update to address this issue.

Please see the referenced vendor advisories for details on obtaining and applying the appropriate updates.

NOTE: Reportedly, Netscape Browser version 8.1 based on Gecko code base (User-agent: Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20060111 Netscape/8.1) ships with Flash Player 8 version 8.0.22.0, which is not vulnerable to this issue.


Microsoft Security Update for Flash Player (KB913433) is listed for each of the following platforms:
  • Microsoft Windows XP Media Center Edition SP2
  • Microsoft Windows XP Tablet PC Edition SP1
  • Microsoft Windows XP Home SP2
  • Microsoft Windows XP Tablet PC Edition SP2
  • Microsoft Windows XP Media Center Edition SP1
  • Microsoft Windows XP Home SP1
  • Microsoft Windows XP Professional SP2
  • Microsoft Windows XP Professional SP1
