MailEnable¶à¸öÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-07-11

Îó²î±àºÅºÍ¼¶±ð



CVE±àºÅ£ºCVE-2019-12924£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12925£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12927£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12926£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12923£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨



Ó°Ïì°æ±¾



ÊÜÓ°ÏìµÄ°æ±¾


MailEnable 10.24֮ǰ°æ±¾



Îó²î¸ÅÊö



MailEnable Enterprise PremiumÊÇ°Ä´óÀûÑÇMailEnable¹«Ë¾µÄÒ»Ì×POP3ºÍSMTPÓʼþЧÀÍÆ÷¡£ ¡£¡£¡£¾ßÓи»ºñµÄͨË׺ÍÖÎÀíÓû§¹¦Ð§£¬£¬£¬£¬£¬£¬ÓÉÓÚÆäʹÓüòÆÓÇÒ²¿·Ö°æ±¾Ãâ·Ñ£¬£¬£¬£¬£¬£¬Óû§Öڶࡣ ¡£¡£¡£¸ÃÓ¦ÓóÌÐòÖ÷ҪʹÓÃ.NET Framework¾ÙÐпª·¢¡£ ¡£¡£¡£


×èÖ¹ÏÖÔÚΪֹ£¬£¬£¬£¬£¬£¬ÔÚÖйú̻¶µÄ×ʲúÊýĿΪ15,039̨¡£ ¡£¡£¡£¿ £¿£¿£¿£¿£Ë¼Á¿µ½¸ÃÈí¼þÖ÷ÒªÓÃÓÚÄÚÍøÇéÐÎÖеÄÓʼþЧÀÍÆ÷£¬£¬£¬£¬£¬£¬ÏàÐÅÕæʵ±£´æµÄ×°±¸ÊýÄ¿½«Áè¼Ý̻¶µÄÊýÖµ¡£ ¡£¡£¡£


º£ÄÚ·½Ã棬£¬£¬£¬£¬£¬¸ÃÓ¦ÓóÌÐòÖ÷ÒªÂþÑÜÔÚÏã¸Û¡¢Ì¨ÍåµÈµØÇø£¬£¬£¬£¬£¬£¬Æä´ÎÊǺÓÄÏÊ¡¡¢¹ã¶«Ê¡¡¢Õã½­Ê¡£¬£¬£¬£¬£¬£¬Ê¹ÓÃÊýÄ¿Ïà¶ÔÍâÑó½ÏÉÙ¡£ ¡£¡£¡£



MailEnable 10.24֮ǰ°æ±¾±£´æÈçÏÂÎó²î£º



CVE-2019-12924

Õë¶ÔÓÐÎó²îµÄMailEnable°æ±¾£¬£¬£¬£¬£¬£¬Ê¹ÓÃXML External Injection(XXE)¹¥»÷£¬£¬£¬£¬£¬£¬Î´¾­Éí·ÝÑéÖ¤µÄ¹¥»÷Õß¿ÉÒÔ´ÓЧÀÍÆ÷¶ÁÈ¡í§ÒâÎı¾Îļþ¡£ ¡£¡£¡£ÓÉÓÚMailEnableµÄƾ֤´æ´¢ÔÚ´¿Îı¾ÎļþÖжøûÓÐÈκμÓÃÜ£¬£¬£¬£¬£¬£¬Òò´Ë¿ÉÒÔÇÔÈ¡ËùÓÐÓû§µÄƾ֤£¬£¬£¬£¬£¬£¬°üÀ¨×î¸ßÌØȨÓû§£¨SYSADMINÕÊ»§£©¡£ ¡£¡£¡£


CVE-2019-12925

·¾¶´©Ô½Îó²î£¬£¬£¬£¬£¬£¬¾­ÓÉÉí·ÝÑéÖ¤µÄ¹¥»÷Õß¿ÉÒÔÔÚÄ¿½ñIISÓû§ÓÐȨ»á¼ûµÄí§ÒâÎļþ¼ÐÖÐÌí¼Ó£¬£¬£¬£¬£¬£¬É¾³ý»ò¿ÉÄܶÁÈ¡Îļþ¡£ ¡£¡£¡£Õâ¿ÉÄܵ¼Ö²»·¨¶ÁÈ¡ÆäËûÓû§Æ¾Ö¤£¬£¬£¬£¬£¬£¬°üÀ¨SYSADMINÕÊ»§£¬£¬£¬£¬£¬£¬ÔĶÁÆäËûÓû§µÄµç×ÓÓʼþ£¬£¬£¬£¬£¬£¬»ò½«µç×ÓÓʼþ»òÎļþÌí¼Óµ½ÆäËûÓû§µÄÕÊ»§¡£ ¡£¡£¡£


CVE-2019-12927

´æ´¢Ðͺͷ´ÉäÐÍXSSÎó²î£¬£¬£¬£¬£¬£¬¿ÉÄܱ»Î´¾­Éí·ÝÑéÖ¤µÄ¹¥»÷ÕßʹÓᣠ¡£¡£¡£Ò»µ©Óû§·­¿ª¶ñÒâµç×ÓÓʼþ£¬£¬£¬£¬£¬£¬¾Í»áÖ´ÐÐXSSÓÐÓøºÔØ¡£ ¡£¡£¡£È»ºó£¬£¬£¬£¬£¬£¬¿ÉÒÔͨ¹ýÏòËùÓÐÈË·¢Ë͸ü¶àµç×ÓÓʼþ»òʹÓÃ̸ÌìÐÂÎÅÖб£´æµÄÁíÒ»¸ö´æ´¢µÄXSSÎÊÌâÀ´½«ÆäÓÃÓÚ¶¨Î»Ó¦ÓóÌÐòµÄËùÓÐÓû§¡£ ¡£¡£¡£ÈôÊǶñÒâÓʼþÔÚ¾ÖÓòÍøÄÚ¾ÙÐдó¹æÄ£Èö²¥£¬£¬£¬£¬£¬£¬Õû¸öÓʼþÍøÂçÄڵĻúе¿ÉÄÜÂÙΪ¹¥»÷Õß¿ØÖƵĽ©Ê¬ÍøÂç¡£ ¡£¡£¡£


CVE-2019-12926

¹ýʧµÄ»á¼û¿ØÖÆ£¬£¬£¬£¬£¬£¬MailEnable½â¾ö¼Æ»®ÔÚijЩÇéÐÎÏÂʹÓÃÊʵ±µÄ»á¼û¿ØÖƼì²é¡£ ¡£¡£¡£Òò´Ë£¬£¬£¬£¬£¬£¬µ±ÒÔÓû§²»Ó¦¾ßÓÐÖ´ÐÐȨÏÞµÄÓû§Éí·ÝµÇ¼ʱ£¬£¬£¬£¬£¬£¬¿ÉÒÔ¾ÙÐÐԽȨ²Ù×÷²Ù×÷£¬£¬£¬£¬£¬£¬Ò²¿ÉÒÔ»á¼ûÓ¦ÓóÌÐòÖÐʹÓõÄÕÊ»§±¾Ó¦Ã»ÓÐ×ã¹»»á¼ûȨÏÞµÄÇøÓò¡£ ¡£¡£¡£


CVE-2019-12923

Cross-Site Request Forgery(CSRF)Îó²î£¬£¬£¬£¬£¬£¬MailEnableµÄijЩÁ÷³ÌÈÝÒ×Êܵ½CSRF¹¥»÷£¬£¬£¬£¬£¬£¬ÀýÈçÊܺ¦Õß¿ÉÒÔ´ú±í¹¥»÷Õß·¢Ë͵ç×ÓÓʼþ£¬£¬£¬£¬£¬£¬»òÕß¿ÉÒÔΪδ¾­ÊÚȨµÄÓû§·ÖÅÉÍêÕûµÄµç×ÓÓʼþ»á¼ûȨÏÞ¡£ ¡£¡£¡£



Îó²îÑéÖ¤



ÔÝÎÞPOC/EXP¡£ ¡£¡£¡£



ÐÞ¸´½¨Òé



MailEnable¹Ù·½ÒѾ­Ðû²¼ÁË×îеÄÇå¾²²¹¶¡10.25£¬£¬£¬£¬£¬£¬Ç¿ÁÒ½¨ÒéÓû§¾ÙÐÐÈí¼þ°æ±¾Éý¼¶£¬£¬£¬£¬£¬£¬ÏÂÔصصãΪ£ºhttp://www.mailenable.com/download.asp¡£ ¡£¡£¡£



²Î¿¼Á´½Ó



https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-mailenable/