΢ÈíAndroid°æOutlook XSS©¶´

Ðû²¼Ê±¼ä 2019-06-22


¶«É­¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Åä¾°ÃèÊö


΢ÈíÐû²¼Android°æOutlookÄþ¾²¸üУ¬ÐÞ¸´Ò»¸ö´æ´¢ÐÍXSS©¶´£¨CVE-2019-1105 £©¡£Ô¶³Ì¹¥»÷Õß¿Éͨ¹ý·¢ËͶñÒâµç×ÓÓʼþ´¥·¢¸Ã©¶´£¬´Ó¶øÔÚÄ¿±êÉ豸ÉÏÖ´ÐжñÒâµÄÓ¦ÓÃÄÚ¿Í»§¶Ë´úÂë¡£


©¶´Áбí


CVE ID  £º   CVE-2019-1105
©¶´Æ·¼¶£º   ÖÐΣ
CVSSÆÀ·Ö£º   ÔÝÎÞ
Ó°Ï췶Χ£º   Outlook for Android 3.0.88֮ǰµÄ°æ±¾

©¶´ÏêÇé


ƾ¾Ý΢ÈíÐû²¼µÄÄþ¾²Í¨¸æ£¬Outlook for Android 3.0.88֮ǰµÄ°æ±¾´æÔÚÒ»¸ö´æ´¢ÐÍXSS©¶´£¨CVE-2019-1105£©¡£¸Ã©¶´ÓëAPP½âÎö´«Èëµç×ÓÓʼþµÄ·½Ê½ÓйØ£¬¾­¹ýÉí·ÝÑéÖ¤µÄ¹¥»÷Õß¿Éͨ¹ýÏòÄ¿±ê·¢ËͶñÒâµç×ÓÓʼþÀ´ÀûÓôË©¶´¡£ÀÖ³ÉÀûÓôË©¶´µÄ¹¥»÷Õß¿ÉÄÜ»á¶ÔÊÜÓ°ÏìµÄϵͳִÐпçÕ¾½Å±¾¹¥»÷£¬²¢ÔÚµ±Ç°Óû§µÄÄþ¾²ÉÏÏÂÎÄÖÐÔËÐнű¾¡£´ËÄþ¾²¸üÐÂͨ¹ý¸üÕýOutlook for Android½âÎöÌض¨µç×ÓÓʼþµÄ·½Ê½À´ÐÞ¸´¸Ã©¶´¡£


΢Èí³Æ¸Ã©¶´ÊÇÓɶà¸öÄþ¾²Ñо¿ÈËÔ±¶ÀÁ¢³ÂËߵģ¬¶øÇÒ¿ÉÄܻᵼÖÂÆÛÆ­ÀàÐ͵Ĺ¥»÷¡£´Ë©¶´µÄ¾ßÌå¼¼Êõϸ½Ú»ò¿´·¨ÑéÖ¤ÉÐδ¹ûÈ»Ðû²¼¡£Ä¿Ç°Î¢ÈíÉÐδ·¢ÏÖÓë´Ë©¶´ÓйصÄÈκι¥»÷ʼþ¡£

ÐÞ¸´½¨Òé


Èç¹ûÓû§µÄAndroidÉ豸ÉÐδ×Ô¶¯¸üУ¬½¨ÒéÓû§´ÓGoogle PlayÉ̵êÊÖ¶¯¸üÐÂOutlook APP¡£

²Î¿¼Á´½Ó


https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1105
https://thehackernews.com/2019/06/outlook-app-android.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1105