777
绿盟科技网络安全威胁周报2017.33 关注Foxit PDF Compressor installer DLL预加载漏洞CVE-2017-12892
绿盟科技发布了本周安全通告,周报编号NSFOCUS-17-32,绿盟科技漏洞库本周新增67条,其中高危7条。本次周报建议大家关注 Foxit PDF Compressor installer DLL预加载漏洞 。目前,厂商已发布更新程序,请使用Foxit PDF Compressor的用户及时升级修复。
焦点漏洞
Foxit PDF Compressor installer DLL预加载漏洞
- NSFOCUS ID 37423
- CVE ID CVE-2017-12892
受影响版本
- Foxit PDF Compressor 7.0.0.183 — 7.7.2.10
漏洞点评
Foxit PDF Compressor是基于服务器文档转换及压缩的企业解决方案。Foxit PDF Compressor installer在 7.0.0.183 至 7.7.2.10 版本中,存在DLL预加载漏洞,可使攻击者在当前安装工作目录中加载恶意DLL。目前厂商已发布更新程序,请使用Foxit PDF Compressor的用户及时升级修复。
(数据来源:绿盟科技安全研究部&产品规则组)
互联网安全态势
CVE统计
最近一周CVE公告总数与前期相比有大幅度上升。值得关注的高危漏洞如下:
威胁信息回顾
-
标题:Rapid7 warns of Remote Desktop Protocol (RDP) exposure for millions of endpoints
- 时间:2017-08-14
- 摘要:According to a new research conducted by experts at Rapid7, there are 4.1 million Windows endpoints exposed online via Remote Desktop Protocol (RDP).
- 链接:https://securityaffairs.co/wordpress/62004/hacking/rdp-exposure-report.html
-
标题:HBO hackers leak episodes for Insecure and Curb Your Enthusiasm
- 时间:2017-08-14
- 摘要:It looks like for now there is no end to the HBO hacking spree as earlier today the group of hackers behind breaching the Network’s system and stealing a trove of data has leaked unaired episodes of Curb Your Enthusiasm, Insecure, Ballers, Barry and The Deuce TV series, reports the Associated Press.
- 链接:https://www.hackread.com/hbo-hackers-leak-episodes-for-insecure-curb-your-enthusiasm/
-
标题:The Disdain exploit kit appears in the threat landscape
- 时间:2017-08-15
- 摘要:The Disdain exploit kit is available for rent on a daily, weekly, or monthly basis for prices of $80, $500, and $1,400 respectively.
- 链接:https://securityaffairs.co/wordpress/62021/malware/disdain-exploit-kit.html
-
标题: Blizzard Entertainment hit by massive DDoS attack
- 时间:2017-08-15
- 摘要:The web servers of Blizzard Entertainment have suffered a series of massive distributed denial-of-service (DDoS) attacks over the weekend causing disconnection and latency issues in Blizzard Games including World of Warcraft and Overwatch.
- 链接:https://www.hackread.com/blizzard-entertainment-hit-by-massive-ddos-attack/
-
标题:8 More Chrome Extensions Hijacked to Target 4.8 Million Users
- 时间:2017-08-16
- 摘要:Google’s Chrome web browser Extensions are under attack with a series of developers being hacked within last one month.
- 链接:https://thehackernews.com/2017/08/chrome-extension-hacking.html
-
标题:Backdoor Found in Popular Server Management Software used by Hundreds of Companies
- 时间:2017-08-15
- 摘要:Cyber criminals are becoming more adept, innovative, and stealthy with each passing day. They are now adopting more clandestine techniques that come with limitless attack vectors and are harder to detect.
- 链接:https://thehackernews.com/2017/08/netsarang-server-management.html
-
标题:Cerber Ransomware now includes a feature to avoid canary files anti-malware
- 时间:2017-08-16
- 摘要:Researchers at Cybereason have discovered a new strain of the Cerber ransomware that implements a new feature to avoid triggering canary files.
- 链接:https://securityaffairs.co/wordpress/62068/malware/cerber-ransomware-canary.html
-
标题:Skilled bad actors use new pulse wave DDoS attacks to hit multiple targets
- 时间:2017-08-16
- 摘要:In a new type of DDoS attack, skilled bad actors use pulse wave DDoS assaults to exploit weaknesses in appliance-first hybrid mitigation solutions and pin down multiple targets.
- 链接:https://www.csoonline.com/article/3216548/security/skilled-bad-actors-using-new-pulse-wave-ddos-attacks-to-pin-down-multiple-targets.html
-
标题:Game of Thrones and HBO — Twitter, Facebook Accounts Hacked
- 时间:2017-08-16
- 摘要:The Game of Thrones hacking saga continues, but this time it’s the HBO’s and GOT’s official Twitter and Facebook accounts got compromised, rather than upcoming episodes.
- 链接:https://thehackernews.com/2017/08/game-of-thrones-hbo-hack.html
-
标题:Drupal Patches Critical Access Bypass in Core Engine
- 时间:2017-08-17
- 摘要:Website management platform Drupal released several patches that address access bypass vulnerabilities in its Drupal 8 Core engine Wednesday, fixing one critical and two moderately critical security bugs.
- 链接:https://threatpost.com/drupal-patches-critical-access-bypass-in-core-engine/127515/
-
标题:Rowhammer Attacks Come to MLC NAND Flash Memory
- 时间:2017-08-17
- 摘要:The Rowhammer attacks developed by Google more than two years ago put the focus on hardware front and center. That research allowed attackers to flip dynamic random access memory (DRAM) bits in order to induce those memory cells to change their state.
- 链接:https://threatpost.com/rowhammer-attacks-come-to-mlc-nand-flash-memory/127504/
-
标题: netsarang公司软件中的nssock2.dll模块被植入恶意代码
- 时间:2017-08-15
- 摘要:NetSarang是一家提供安全链接解决方案的公司,该公司的产品主要包括Xmanager, Xmanager 3D, Xshell, Xftp 和Xlpd。在最近的软件版本中发现nssock2.dll模块的官方源码中被植入恶意后门代码
- 链接:https://blog.nsfocus.net/netsarang-nssock2-threat-report/
-
标题: 版本控制软件爆出远程命令执行漏洞
- 时间:2017-08-18
- 摘要:几个流行的版本控制系统受到可能严重的 远程命令执行漏洞 的影响。受影响产品的开发人员本周发布了更新补丁来修补安全漏洞。该缺陷影响版本控制软件, 如 Git (CVE-2017-1000117)、Apache Subversion (CVE-2017-9800)、Mercurial (CVE-2017-1000116) 和 CVS。由于CVS 系统上次更新已经是9年前的事情了, 因此没有为它分配 CVE 标识符。
- 链接:https://toutiao.secjia.com/git-svn-mercurial-cvs-rce
-
标题: 木马Konni及解决方案
- 时间:2017-08-18
- 摘要:在今年7月份,针对朝鲜的进行网络攻击的远程访问木马Konni被发现,此次的网络攻击行为被怀疑与韩国有关。该木马主要通过 钓鱼邮件 的方式进行传播,开始先通过一个.scr文件执行Powershell脚本,并根据系统信息下载对应版本的 恶意软件
- 链接:https://toutiao.secjia.com/trojan-konn-attacked-north-korea
-
标题: 中国网信办与教育部联手:预期十年打造4-6所国际知名网络安全学院
- 时间:2017-08-15
- 摘要:为贯彻习近平总书记关于加强一流网络安全学院建设的重要指示精神,落实《网络安全法》、《关于加强网络安全学科建设和人才培养的意见》明确的工作任务,向各高校印发《一流网络安全学院建设示范项目管理办法》
- 链接:https://www.freebuf.com/news/144259.html
(数据来源:绿盟科技 威胁情报与网络安全实验室 收集整理)
漏洞研究
漏洞库统计
截止到2017年8月18日,绿盟科技漏洞库已收录总条目达到37435条。本周新增漏洞记录67条,其中高危漏洞数量7条,中危漏洞数量44条,低危漏洞数量16条。
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-3124)
- 危险等级:中
- BID:100179
- cve编号:CVE-2017-3124
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-3123)
- 危险等级:中
- BID:100179
- cve编号:CVE-2017-3123
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-3122)
- 危险等级:中
- BID:100184
- cve编号:CVE-2017-3122
- Apache Tomcat 缓存投毒漏洞(CVE-2017-7674)
- 危险等级:低
- cve编号:CVE-2017-7674
- Apache Tomcat 目录遍历漏洞(CVE-2017-7675)
- 危险等级:中
- BID:100256
- cve编号:CVE-2017-7675
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11237)
- 危险等级:高
- BID:100179
- cve编号:CVE-2017-11237
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11238)
- 危险等级:中
- BID:100184
- cve编号:CVE-2017-11238
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11242)
- 危险等级:中
- BID:100184
- cve编号:CVE-2017-11242
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11241)
- 危险等级:中
- BID:100180
- cve编号:CVE-2017-11241
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11239)
- 危险等级:中
- BID:100184
- cve编号:CVE-2017-11239
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11243)
- 危险等级:中
- BID:100184
- cve编号:CVE-2017-11243
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11249)
- 危险等级:中
- BID:100184
- cve编号:CVE-2017-11249
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11248)
- 危险等级:中
- BID:100184
- cve编号:CVE-2017-11248
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11246)
- 危险等级:中
- BID:100184
- cve编号:CVE-2017-11246
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11245)
- 危险等级:中
- BID:100184
- cve编号:CVE-2017-11245
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11244)
- 危险等级:中
- BID:100184
- cve编号:CVE-2017-11244
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11251)
- 危险等级:高
- BID:100179
- cve编号:CVE-2017-11251
- Adobe Acrobat/Reader远程代码执行漏洞(CVE-2017-11254)
- 危险等级:中
- BID:100182
- cve编号:CVE-2017-11254
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11252)
- 危险等级:中
- BID:100184
- cve编号:CVE-2017-11252
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11259)
- 危险等级:低
- BID:100179
- cve编号:CVE-2017-11259
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11258)
- 危险等级:中
- BID:100184
- cve编号:CVE-2017-11258
- Adobe Acrobat/Reader远程代码执行漏洞(CVE-2017-11257)
- 危险等级:中
- BID:100181
- cve编号:CVE-2017-11257
- Adobe Acrobat/Reader远程代码执行漏洞(CVE-2017-11256)
- 危险等级:中
- BID:100182
- cve编号:CVE-2017-11256
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11255)
- 危险等级:中
- BID:100184
- cve编号:CVE-2017-11255
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11260)
- 危险等级:低
- BID:100179
- cve编号:CVE-2017-11260
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11261)
- 危险等级:低
- BID:100179
- cve编号:CVE-2017-11261
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11262)
- 危险等级:低
- BID:100179
- cve编号:CVE-2017-11262
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11265)
- 危险等级:中
- BID:100184
- cve编号:CVE-2017-11265
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11263)
- 危险等级:低
- BID:100179
- cve编号:CVE-2017-11263
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11270)
- 危险等级:中
- BID:100179
- cve编号:CVE-2017-11270
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11269)
- 危险等级:中
- BID:100179
- cve编号:CVE-2017-11269
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11268)
- 危险等级:中
- BID:100179
- cve编号:CVE-2017-11268
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11267)
- 危险等级:中
- BID:100179
- cve编号:CVE-2017-11267
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11271)
- 危险等级:高
- BID:100179
- cve编号:CVE-2017-11271
- Adobe Acrobat/Reader远程代码执行漏洞(CVE-2017-3113)
- 危险等级:中
- BID:100182
- cve编号:CVE-2017-3113
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-3016)
- 危险等级:高
- BID:100179
- cve编号:CVE-2017-3016
- Adobe Acrobat/Reader信息泄露漏洞(CVE-2017-3115)
- 危险等级:低
- BID:100187
- cve编号:CVE-2017-3115
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-3116)
- 危险等级:高
- BID:100179
- cve编号:CVE-2017-3116
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-3117)
- 危险等级:中
- BID:100180
- cve编号:CVE-2017-3117
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-3121)
- 危险等级:中
- BID:100180
- cve编号:CVE-2017-3121
- Adobe Acrobat/Reader远程代码执行漏洞(CVE-2017-3120)
- 危险等级:中
- BID:100182
- cve编号:CVE-2017-3120
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-3119)
- 危险等级:高
- BID:100179
- cve编号:CVE-2017-3119
- Adobe Acrobat/Reader安全功能绕过漏洞(CVE-2017-3118)
- 危险等级:中
- BID:100189
- cve编号:CVE-2017-3118
- Fortinet FortiManager SQL注入漏洞(CVE-2015-3616)
- 危险等级:中
- cve编号:CVE-2015-3616
- Fortinet FortiManager 跨站脚本漏洞(CVE-2015-3615)
- 危险等级:低
- cve编号:CVE-2015-3615
- Fortinet FortiManager 信息泄露漏洞(CVE-2015-3614)
- 危险等级:低
- cve编号:CVE-2015-3614
- Apache Sling Servlets Post跨站脚本漏洞(CVE-2017-9802)
- 危险等级:中
- BID:100284
- cve编号:CVE-2017-9802
- Symantec Messaging Gateway远程代码执行漏洞(CVE-2017-6327)
- 危险等级:低
- BID:100135
- cve编号:CVE-2017-6327
- Symantec Messaging Gateway跨站请求伪造漏洞(CVE-2017-6328)
- 危险等级:低
- BID:100136
- cve编号:CVE-2017-6328
- SIMPlight SCADA Software DLL加载本地代码执行漏洞(CVE-2017-9661)
- 危险等级:中
- BID:100263
- cve编号:CVE-2017-9661
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11233)
- 危险等级:中
- BID:100184
- cve编号:CVE-2017-11233
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11236)
- 危险等级:中
- BID:100184
- cve编号:CVE-2017-11236
- Adobe Acrobat/Reader远程代码执行漏洞(CVE-2017-11235)
- 危险等级:中
- BID:100182
- cve编号:CVE-2017-11235
- Adobe Acrobat/Reader内存破坏漏洞(CVE-2017-11234)
- 危险等级:低
- BID:100179
- cve编号:CVE-2017-11234
- Foxit PDF Compressor installer DLL预加载漏洞(CVE-2017-12892)
- 危险等级:低
- cve编号:CVE-2017-12892
- PostgreSQL 远程拒绝服务漏洞(CVE-2017-7548)
- 危险等级:低
- BID:100276
- cve编号:CVE-2017-7548
- 389 Directory Server信息泄露漏洞(CVE-2017-7551)
- 危险等级:低
- BID:100143
- cve编号:CVE-2017-7551
- PostgreSQL 身份验证绕过漏洞(CVE-2017-7546)
- 危险等级:中
- BID:100278
- cve编号:CVE-2017-7546
- PostgreSQL 信息泄露漏洞(CVE-2017-7547)
- 危险等级:低
- BID:100275
- cve编号:CVE-2017-7547
- Advantech WebOP 堆缓冲区溢出漏洞(CVE-2017-12705)
- 危险等级:中
- cve编号:CVE-2017-12705
- Cisco Application Policy Infrastructure Controller本地权限提升漏洞(CVE-2017-6768)
- 危险等级:中
- BID:100363
- cve编号:CVE-2017-6768
- Cisco AnyConnect Secure Mobility Client Software跨站脚本漏洞(CVE-2017-6788)
- 危险等级:中
- BID:100364
- cve编号:CVE-2017-6788
- Cisco Prime Infrastructure HTML注入漏洞(CVE-2017-6782)
- 危险等级:中
- cve编号:CVE-2017-6782
- Cisco Policy Suite 权限提升漏洞(CVE-2017-6781)
- 危险等级:中
- BID:100365
- cve编号:CVE-2017-6781
- Cisco RV340/RV345/RV345P Dual WAN Gigabit VPN路由器信息泄露漏洞(CVE-2017-6784)
- 危险等级:中
- cve编号:CVE-2017-6784
- Cisco Security Appliances SNMP轮询信息泄露漏洞(CVE-2017-6783)
- 危险等级:中
- BID:100387
- cve编号:CVE-2017-6783
- Cisco Virtual Network Function Element Manager任意命令执行漏洞(CVE-2017-6710)
- 危险等级:高
- BID:100362
- cve编号:CVE-2017-6710
(数据来源:绿盟科技安全研究部&产品规则组)
原文发布时间:2017年8月21日
本文由:绿盟科技发布,版权归属于原作者
原文链接:https://toutiao.secjia.com/nsfocus-internet-security-threats-weekly-201733
本文来自云栖社区合作伙伴安全加,了解相关信息可以关注安全加网站
最后更新:2017-09-13 10:33:04