΢ÈíAndroid°æOutlook XSS·ì϶

°ä²¼¹¦·ò 2019-06-22


OG¶«·½Ìü¡¤(Öйú´ó½)


²¼¾°ÃèÊö


΢Èí°ä²¼Android°æOutlook°²È«¸üУ¬£¬ÐÞ¸´Ò»¸ö´æ´¢ÐÍXSS·ì϶£¨CVE-2019-1105 £©¡£¡£¡£Ô¶³Ì¹¥»÷Õß¿Éͨ¹ý·¢ËͶñÒâµç×ÓÓʼþ´¥·¢¸Ã·ì϶£¬£¬´Ó¶øÔÚÖ¸±êÉ豸ÉÏÖ´ÐжñÒâµÄÀûÓÃÄÚ¿Í»§¶Ë´úÂë¡£¡£¡£


·ì϶Áбí


CVE ID  £º   CVE-2019-1105
·ì϶µÈ¼¶£º   ÖÐΣ
CVSSÆÀ·Ö£º   ÔÝÎÞ
Ó°ÏìÁìÓò£º   Outlook for Android 3.0.88֮ǰµÄ°æ±¾

·ì϶ÏêÇé


ƾ¾Ý΢Èí°ä²¼µÄ°²È«²¼¸æ£¬£¬Outlook for Android 3.0.88֮ǰµÄ°æ±¾´æÔÚÒ»¸ö´æ´¢ÐÍXSS·ì϶£¨CVE-2019-1105£©¡£¡£¡£¸Ã·ì϶ÓëAPP½âÎö´«Èëµç×ÓÓʼþµÄ·½Ê½ÓйØ£¬£¬¾­¹ýÉí·ÝÑéÖ¤µÄ¹¥»÷Õß¿Éͨ¹ýÏòÖ¸±ê·¢ËͶñÒâµç×ÓÓʼþÀ´ÀûÓô˷ì϶¡£¡£¡£³É¹¦ÀûÓô˷ì϶µÄ¹¥»÷Õß¿ÉÄÜ»á¶ÔÊÜÓ°ÏìµÄϵͳִÐпçÕ¾¾ç±¾¹¥»÷£¬£¬²¢ÔÚµ±Ç°Óû§µÄ°²È«¸ßµÍÎÄÖÐÔËÐо籾¡£¡£¡£´Ë°²È«¸üÐÂͨ¹ý¸üÕýOutlook for Android½âÎöÌض¨µç×ÓÓʼþµÄ·½Ê½À´ÐÞ¸´¸Ã·ì϶¡£¡£¡£


΢Èí³Æ¸Ã·ì϶ÊÇÓɶà¸ö°²È«×êÑÐÈËÔ±¶ÀÁ¢»ã±¨µÄ£¬£¬²¢ÇÒ¿ÉÄܻᵼÖºýŪÀàÐ͵Ĺ¥»÷¡£¡£¡£´Ë·ì϶µÄ¾ßÌå¼¼Êõϸ½Ú»ò¸ÅÄîÑéÖ¤ÉÐδ¹«¿ª°ä²¼¡£¡£¡£Ä¿Ç°Î¢ÈíÉÐδ·¢ÏÖÓë´Ë·ì϶ÓйصÄÈκι¥»÷ÊÂÎñ¡£¡£¡£

ÐÞ¸´½¨Òé


ÈôÊÇÓû§µÄAndroidÉ豸ÉÐδ×Ô¶¯¸üУ¬£¬½¨ÒéÓû§´ÓGoogle PlayÉ̵êÊÖ¶¯¸üÐÂOutlook APP¡£¡£¡£

²Î¿¼Á´½Ó


https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1105
https://thehackernews.com/2019/06/outlook-app-android.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1105