CVE-2006-0002
CVSS 7.5
Published: 2006-01-10 17:03:00
Revised: 2011-04-12 00:00:00

[Original] Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.


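[CNNVD] Microsoft Outlook/Exchange TNEF Decoding Remote Code Execution Vulnerability (CNNVD-200601-092)

        Microsoft Outlook and Exchange are mail-handling software products released by Microsoft.
        A vulnerability exists in the way Microsoft Outlook and Microsoft Exchange Server decode Transport Neutral Encapsulation Format (TNEF) MIME attachments; an attacker could exploit it to execute arbitrary instructions on the machine. An attacker can create a specially crafted TNEF message, and arbitrary code may be executed if a user opens or previews the malicious e-mail message, or if the Microsoft Exchange Server Information Store processes the crafted message.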

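- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]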

- CPE (affected platforms and products)

cpe:/a:microsoft:office:xp:sp3 Microsoft Office XP Service Pack 3
cpe:/a:microsoft:outlook:2002:sp3 Microsoft Outlook 2002 Service Pack 3
cpe:/a:microsoft:exchange_server:2000:sp3 Microsoft Exchange Server 2000 Service Pack 3
cpe:/a:microsoft:exchange_server:5.5:sp1 Microsoft Exchange Server 5.5 Service Pack 1
cpe:/a:microsoft:outlook:2003 Microsoft Outlook 2003
cpe:/a:microsoft:exchange_server:5.0 Microsoft exchange_srv 5.0
cpe:/a:microsoft:exchange_server:5.0:sp2 Microsoft Exchange Server 5.0 Service Pack 2
cpe:/a:microsoft:office:2000:sp3 Microsoft Office 2000 sp3
cpe:/a:microsoft:exchange_server:5.5 Microsoft exchange_srv 5.5
cpe:/a:microsoft:exchange_server:5.5:sp4 Microsoft Exchange Server 5.5 Service Pack 4
cpe:/a:microsoft:exchange_server:5.0:sp1 Microsoft Exchange Server 5.0 Service Pack 1
cpe:/a:microsoft:exchange_server:5.5:sp2 Microsoft Exchange Server 5.5 Service Pack 2
cpe:/a:microsoft:exchange_server:5.5:sp3 Microsoft Exchange Server 5.5 Service Pack 3
cpe:/a:microsoft:outlook:2000:sp3 Microsoft Outlook 2000 sp3
cpe:/a:microsoft:office:2003:sp2 Microsoft Office 2003 sp2
cpe:/a:microsoft:office:2003:sp1 Microsoft Office 2003 sp1

- OVAL (technical details for detection)

oval:org.mitre.oval:def:624 Exchange Server 5.5 TNEF Decoding Vulnerability
oval:org.mitre.oval:def:1485 Outlook 2000 TNEF Decoding Vulnerability
oval:org.mitre.oval:def:1456 Outlook 2003 TNEF Decoding Vulnerability
oval:org.mitre.oval:def:1316 Exchange Server 5.0 TNEF Decoding Vulnerability
oval:org.mitre.oval:def:1165 Outlook 2002 TNEF Decoding Vulnerability
oval:org.mitre.oval:def:1082 Exchange 2000 Server TNEF Decoding Vulnerability
*OVAL describes in detail how to detect this vulnerability; further technical details on detecting it can be found in the related OVAL definitions.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0002
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0002
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200601-092
(official data source) CNNVD

- Other links and resources

http://www.us-cert.gov/cas/techalerts/TA06-010A.html
(VENDOR_ADVISORY)  CERT  TA06-010A
http://www.kb.cert.org/vuls/id/252146
(VENDOR_ADVISORY)  CERT-VN  VU#252146
http://www.securityfocus.com/bid/16197
(PATCH)  BID  16197
http://www.securityfocus.com/archive/1/archive/1/421520/100/0/threaded
(PATCH)  BUGTRAQ  20060110 Microsoft Outlook Critical Vulnerability
http://www.securityfocus.com/archive/1/archive/1/421518/100/0/threaded
(PATCH)  BUGTRAQ  20060110 Microsoft Exchange Critical Vulnerability
http://www.microsoft.com/technet/security/bulletin/ms06-003.mspx
(VENDOR_ADVISORY)  MS  MS06-003
http://securitytracker.com/id?1015461
(PATCH)  SECTRACK  1015461
http://securitytracker.com/id?1015460
(PATCH)  SECTRACK  1015460
http://secunia.com/advisories/18368
(VENDOR_ADVISORY)  SECUNIA  18368
http://xforce.iss.net/xforce/xfdb/22878
(UNKNOWN)  XF  win-tnef-overflow(22878)
http://www.vupen.com/english/advisories/2006/0119
(VENDOR_ADVISORY)  VUPEN  ADV-2006-0119
http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm
http://securityreason.com/securityalert/331
(UNKNOWN)  SREASON  331
http://securityreason.com/securityalert/330
(UNKNOWN)  SREASON  330

- Vulnerability information

Microsoft Outlook/Exchange TNEF Decoding Remote Code Execution Vulnerability
High risk  Boundary condition error
2006-01-10 00:00:00 2006-05-05 00:00:00
Remote

- Advisories and patches

        The vendor has released an update that fixes this security issue. Patch download link:
        http://www.microsoft.com/technet/security/Bulletin/MS06-003.mspx

- Vulnerability information (F42977)

Technical Cyber Security Alert 2006-10A (PacketStormID:F42977)
2006-01-11 00:00:00
US-CERT  us-cert.gov
advisory,remote,denial of service,arbitrary,vulnerability
windows
CVE-2006-0002,CVE-2006-0010

Technical Cyber Security Alert TA06-010A - Microsoft has released updates that address critical vulnerabilities in Windows, Outlook, and Exchange. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.



   
                        National Cyber Alert System

                 Technical Cyber Security Alert TA06-010A


Microsoft Windows, Outlook, and Exchange Vulnerabilities

   Original release date: January 10, 2006
   Last revised: January 10, 2006
   Source: US-CERT


Systems Affected

     * Microsoft Windows
     * Microsoft Outlook
     * Microsoft Exchange

   For more complete information, refer to the Microsoft Security
   Bulletin Summary for January 2006.


Overview

   Microsoft has released updates that address critical vulnerabilities
   in Windows, Outlook, and Exchange. Exploitation of these
   vulnerabilities could allow a remote, unauthenticated attacker to
   execute arbitrary code or cause a denial of service on a vulnerable
   system.


I. Description

   Microsoft Security Bulletins for January 2006 address vulnerabilities
   in Microsoft Windows, Outlook, and Exchange. Further information is
   available in the following US-CERT Vulnerability Notes:

   VU#915930 - Microsoft embedded web font buffer overflow 

   A heap-based buffer overflow in the way Microsoft Windows processes
   embedded web fonts may allow a remote, unauthenticated attacker to
   execute arbitrary code on a vulnerable system.
   (CVE-2006-0010)

   VU#252146 - Microsoft Outlook and Microsoft Exchange TNEF decoding
   vulnerability 

   Microsoft Outlook and Microsoft Exchange contain an unspecified
   vulnerability in processing TNEF attachments. This may allow a remote,
   unauthenticated attacker to execute arbitrary code on a system running
   the vulnerable software.
   (CVE-2006-0002)


II. Impact

   Exploitation of these vulnerabilities may allow a remote,
   unauthenticated attacker to execute arbitrary code with the privileges
   of the user. If the user is logged on with administrative privileges,
   the attacker could take complete control of an affected system. An
   attacker may also be able to cause a denial of service.


III. Solution

Apply Updates

   Microsoft has provided the updates for these vulnerabilities in the
   Security Bulletins and on the Microsoft Update site.

Workarounds

   Please see the US-CERT Vulnerability Notes in Appendix A for workarounds.


Appendix A. References

     * Microsoft Security Bulletin Summary for January 2006 -
       <http://www.microsoft.com/technet/security/bulletin/ms06-jan.mspx>

     * US-CERT Vulnerability Note VU#915930 -
       <http://www.kb.cert.org/vuls/id/915930>

     * US-CERT Vulnerability Note VU#252146 -
       <http://www.kb.cert.org/vuls/id/252146>

     * CVE-2006-0002 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0002>

     * CAN-2006-0010 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0010>

     * Microsoft Update - <https://update.microsoft.com/microsoftupdate>

 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA06-010A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@cert.org> with "TA06-010A Feedback VU#915930" in the
   subject.
 ____________________________________________________________________

   Produced 2006 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________



Revision History

   January 10, 2006: Initial release



- Vulnerability information

Microsoft Outlook / Microsoft Exchange TNEF Decoding Remote Code Execution Vulnerability
Boundary Condition Error 16197
Yes No
2006-01-10 12:00:00 2006-02-07 08:53:00
Discovered by John Heasman and Marc Litchfield of NGS Software.

- Affected software versions

Nortel Networks Self-Service 0
Nortel Networks Passport Multiservice Data Manager (MDM)
Nortel Networks Optivity Telephony Manager for SL-100
Microsoft Outlook 2003 0
+ Microsoft Office 2003 SP3
+ Microsoft Office 2003 SP2
+ Microsoft Office 2003 SP1
+ Microsoft Office 2003 0
Microsoft Outlook 2002 SP3
+ Microsoft Office XP SP3
Microsoft Outlook 2000 SP3
+ Microsoft Office 2000 SP3
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft Office XP SP3
+ Microsoft Excel 2002 SP3
+ Microsoft FrontPage 2002 SP3
+ Microsoft Outlook 2002 SP3
+ Microsoft PowerPoint 2002 SP3
+ Microsoft Publisher 2002 SP3
Microsoft Office 2003 SP2
Microsoft Office 2003 SP1
Microsoft Office 2000 SP3
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft Exchange Server 2000 SP3
Microsoft Exchange Server 5.5 SP4
- Microsoft BackOffice 4.5
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Exchange Server 5.5 SP3
- Microsoft BackOffice 4.5
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Exchange Server 5.5 SP2
- Microsoft BackOffice 4.5
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Exchange Server 5.5 SP1
- Microsoft BackOffice 4.5
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Exchange Server 5.5
- Microsoft BackOffice 4.5
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Exchange Server 5.0 SP2
- Microsoft Windows NT 4.0
Microsoft Exchange Server 5.0 SP1
- Microsoft Windows NT 4.0
Microsoft Exchange Server 5.0
- Microsoft Windows NT 4.0

- Discussion

Microsoft Exchange Server and Outlook email clients are prone to a remote code-execution vulnerability.

This vulnerability presents itself when the applications decode a message containing a specially crafted TNEF MIME attachment. Successful exploitation may result in arbitrary code execution facilitating a remote compromise.

An attack against Microsoft Exchange Server could lead to a SYSTEM-level remote compromise, while attacks against Outlook would result in arbitrary code execution in the context of the current user.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution


Microsoft has released fixes for supported applications.

Nortel has released an advisory (2006006583) to identify vulnerable products. The vendor advises customers to follow Microsoft's recommendations and install fixes supplied by Microsoft.


Microsoft Exchange Server 5.0 SP2

Microsoft Office XP SP3

Microsoft Office 2003 SP2

Microsoft Office 2000 SP3

Microsoft Exchange Server 2000 SP3

Microsoft Office 2003 SP1

Microsoft Exchange Server 5.5 SP4
