MailEnable¶à¸öÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-07-11

Îó²î±àºÅºÍ¼¶±ð



CVE±àºÅ£ºCVE-2019-12924£¬£¬£¬£¬ £¬ £¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬ £¬ £¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12925£¬£¬£¬£¬ £¬ £¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬ £¬ £¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12927£¬£¬£¬£¬ £¬ £¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬ £¬ £¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12926£¬£¬£¬£¬ £¬ £¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬ £¬ £¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12923£¬£¬£¬£¬ £¬ £¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬ £¬ £¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨



Ó°Ïì°æ±¾



ÊÜÓ°ÏìµÄ°æ±¾


MailEnable 10.24֮ǰ°æ±¾



Îó²î¸ÅÊö



MailEnable Enterprise PremiumÊÇ°Ä´óÀûÑÇMailEnable¹«Ë¾µÄÒ»Ì×POP3ºÍSMTPÓʼþЧÀÍÆ÷¡£¡£¡£¾ßÓи»ºñµÄͨË׺ÍÖÎÀíÓû§¹¦Ð§£¬£¬£¬£¬ £¬ £¬£¬ÓÉÓÚÆäʹÓüòÆÓÇÒ²¿·Ö°æ±¾Ãâ·Ñ£¬£¬£¬£¬ £¬ £¬£¬Óû§Öڶࡣ¡£¡£¸ÃÓ¦ÓóÌÐòÖ÷ҪʹÓÃ.NET Framework¾ÙÐпª·¢¡£¡£¡£


×èÖ¹ÏÖÔÚΪֹ£¬£¬£¬£¬ £¬ £¬£¬ÔÚÖйú̻¶µÄ×ʲúÊýĿΪ15,039̨¡£¡£¡£¿£¿£¿£¿£Ë¼Á¿µ½¸ÃÈí¼þÖ÷ÒªÓÃÓÚÄÚÍøÇéÐÎÖеÄÓʼþЧÀÍÆ÷£¬£¬£¬£¬ £¬ £¬£¬ÏàÐÅÕæʵ±£´æµÄ×°±¸ÊýÄ¿½«Áè¼Ý̻¶µÄÊýÖµ¡£¡£¡£


º£ÄÚ·½Ã棬£¬£¬£¬ £¬ £¬£¬¸ÃÓ¦ÓóÌÐòÖ÷ÒªÂþÑÜÔÚÏã¸Û¡¢Ì¨ÍåµÈµØÇø£¬£¬£¬£¬ £¬ £¬£¬Æä´ÎÊǺÓÄÏÊ¡¡¢¹ã¶«Ê¡¡¢Õã½­Ê¡£¡£¡£¬£¬£¬£¬ £¬ £¬£¬Ê¹ÓÃÊýÄ¿Ïà¶ÔÍâÑó½ÏÉÙ¡£¡£¡£



MailEnable 10.24֮ǰ°æ±¾±£´æÈçÏÂÎó²î£º



CVE-2019-12924

Õë¶ÔÓÐÎó²îµÄMailEnable°æ±¾£¬£¬£¬£¬ £¬ £¬£¬Ê¹ÓÃXML External Injection(XXE)¹¥»÷£¬£¬£¬£¬ £¬ £¬£¬Î´¾­Éí·ÝÑéÖ¤µÄ¹¥»÷Õß¿ÉÒÔ´ÓЧÀÍÆ÷¶ÁÈ¡í§ÒâÎı¾Îļþ¡£¡£¡£ÓÉÓÚMailEnableµÄƾ֤´æ´¢ÔÚ´¿Îı¾ÎļþÖжøûÓÐÈκμÓÃÜ£¬£¬£¬£¬ £¬ £¬£¬Òò´Ë¿ÉÒÔÇÔÈ¡ËùÓÐÓû§µÄƾ֤£¬£¬£¬£¬ £¬ £¬£¬°üÀ¨×î¸ßÌØȨÓû§£¨SYSADMINÕÊ»§£©¡£¡£¡£


CVE-2019-12925

·¾¶´©Ô½Îó²î£¬£¬£¬£¬ £¬ £¬£¬¾­ÓÉÉí·ÝÑéÖ¤µÄ¹¥»÷Õß¿ÉÒÔÔÚÄ¿½ñIISÓû§ÓÐȨ»á¼ûµÄí§ÒâÎļþ¼ÐÖÐÌí¼Ó£¬£¬£¬£¬ £¬ £¬£¬É¾³ý»ò¿ÉÄܶÁÈ¡Îļþ¡£¡£¡£Õâ¿ÉÄܵ¼Ö²»·¨¶ÁÈ¡ÆäËûÓû§Æ¾Ö¤£¬£¬£¬£¬ £¬ £¬£¬°üÀ¨SYSADMINÕÊ»§£¬£¬£¬£¬ £¬ £¬£¬ÔĶÁÆäËûÓû§µÄµç×ÓÓʼþ£¬£¬£¬£¬ £¬ £¬£¬»ò½«µç×ÓÓʼþ»òÎļþÌí¼Óµ½ÆäËûÓû§µÄÕÊ»§¡£¡£¡£


CVE-2019-12927

´æ´¢Ðͺͷ´ÉäÐÍXSSÎó²î£¬£¬£¬£¬ £¬ £¬£¬¿ÉÄܱ»Î´¾­Éí·ÝÑéÖ¤µÄ¹¥»÷ÕßʹÓᣡ£¡£Ò»µ©Óû§·­¿ª¶ñÒâµç×ÓÓʼþ£¬£¬£¬£¬ £¬ £¬£¬¾Í»áÖ´ÐÐXSSÓÐÓøºÔØ¡£¡£¡£È»ºó£¬£¬£¬£¬ £¬ £¬£¬¿ÉÒÔͨ¹ýÏòËùÓÐÈË·¢Ë͸ü¶àµç×ÓÓʼþ»òʹÓÃ̸ÌìÐÂÎÅÖб£´æµÄÁíÒ»¸ö´æ´¢µÄXSSÎÊÌâÀ´½«ÆäÓÃÓÚ¶¨Î»Ó¦ÓóÌÐòµÄËùÓÐÓû§¡£¡£¡£ÈôÊǶñÒâÓʼþÔÚ¾ÖÓòÍøÄÚ¾ÙÐдó¹æÄ£Èö²¥£¬£¬£¬£¬ £¬ £¬£¬Õû¸öÓʼþÍøÂçÄڵĻúе¿ÉÄÜÂÙΪ¹¥»÷Õß¿ØÖƵĽ©Ê¬ÍøÂç¡£¡£¡£


CVE-2019-12926

¹ýʧµÄ»á¼û¿ØÖÆ£¬£¬£¬£¬ £¬ £¬£¬MailEnable½â¾ö¼Æ»®ÔÚijЩÇéÐÎÏÂʹÓÃÊʵ±µÄ»á¼û¿ØÖƼì²é¡£¡£¡£Òò´Ë£¬£¬£¬£¬ £¬ £¬£¬µ±ÒÔÓû§²»Ó¦¾ßÓÐÖ´ÐÐȨÏÞµÄÓû§Éí·ÝµÇ¼ʱ£¬£¬£¬£¬ £¬ £¬£¬¿ÉÒÔ¾ÙÐÐԽȨ²Ù×÷²Ù×÷£¬£¬£¬£¬ £¬ £¬£¬Ò²¿ÉÒÔ»á¼ûÓ¦ÓóÌÐòÖÐʹÓõÄÕÊ»§±¾Ó¦Ã»ÓÐ×ã¹»»á¼ûȨÏÞµÄÇøÓò¡£¡£¡£


CVE-2019-12923

Cross-Site Request Forgery(CSRF)Îó²î£¬£¬£¬£¬ £¬ £¬£¬MailEnableµÄijЩÁ÷³ÌÈÝÒ×Êܵ½CSRF¹¥»÷£¬£¬£¬£¬ £¬ £¬£¬ÀýÈçÊܺ¦Õß¿ÉÒÔ´ú±í¹¥»÷Õß·¢Ë͵ç×ÓÓʼþ£¬£¬£¬£¬ £¬ £¬£¬»òÕß¿ÉÒÔΪδ¾­ÊÚȨµÄÓû§·ÖÅÉÍêÕûµÄµç×ÓÓʼþ»á¼ûȨÏÞ¡£¡£¡£



Îó²îÑéÖ¤



ÔÝÎÞPOC/EXP¡£¡£¡£



ÐÞ¸´½¨Òé



MailEnable¹Ù·½ÒѾ­Ðû²¼ÁË×îеÄÇå¾²²¹¶¡10.25£¬£¬£¬£¬ £¬ £¬£¬Ç¿ÁÒ½¨ÒéÓû§¾ÙÐÐÈí¼þ°æ±¾Éý¼¶£¬£¬£¬£¬ £¬ £¬£¬ÏÂÔصصãΪ£ºhttp://www.mailenable.com/download.asp¡£¡£¡£



²Î¿¼Á´½Ó



https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-mailenable/