
[PROPOSAL] Cluster RECENT-19 - 33 candidates



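The next 3 RECENT-XX clusters identify a total of 92 candidates, which is very busy for the last few months.

The following cluster contains 33 candidates that were announced between 4/24/2000 and 5/10/2000.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0249
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000425
Category: SF
Reference: ISS:20000426 Insecure file handling in IBM AIX frcactrl program
Reference: URL:http://xforce.iss.net/alerts/advise47.php3

The AIX Fast Response Cache Accelerator (FRCA) allows local users to modify arbitrary files via the configuration capability in the frcactrl program.

ED_PRI CAN-2000-0249 1

VOTE:

=================================
Candidate: CAN-2000-0380
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000426 Cisco HTTP possible bug:
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0261.html
Reference: CISCO:20000514 Cisco IOS HTTP Server Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml
Reference: XF:cisco-ios-http-dos

The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.

ED_PRI CAN-2000-0380 1

VOTE:

=================================
Candidate: CAN-2000-0382
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: ALLAIRE:ASB00-12
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15697&Method=Full
Reference: BID:1179
Reference: URL:http://www.securityfocus.com/bid/1179
Reference: XF:allaire-clustercats-url-redirect

ColdFusion ClusterCATS appends stale query string arguments to a URL during HTML redirection, which may provide sensitive information to the redirected site.

ED_PRI CAN-2000-0382 1

VOTE:

=================================
Candidate: CAN-2000-0387
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:16
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:16.golddig.asc
Reference: BID:1184
Reference: URL:http://www.securityfocus.com/bid/1184

The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files.

ED_PRI CAN-2000-0387 1

VOTE:

=================================
Candidate: CAN-2000-0388
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:17
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A17.libmytinfo.asc
Reference: BID:1185
Reference: URL:http://www.securityfocus.com/bid/1185
Reference: XF:libmytinfo-bo

Buffer overflow in the FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environment variable.

ED_PRI CAN-2000-0388 1

VOTE:

=================================
Candidate: CAN-2000-0414
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: HP:HPSBUX0005-113
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0047.html
Reference: XF:hp-shutdown-privileges
Reference: BID:1214
Reference: URL:http://www.securityfocus.com/bid/1214

Vulnerability in the shutdown command for HP-UX 11.X and 10.X allows local users to gain privileges via malformed input variables.

ED_PRI CAN-2000-0414 1

VOTE:

=================================
Candidate: CAN-2000-0433
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: SUSE:20000502 aaabase < 2000.5.2
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_47.txt
Reference: XF:aaabase-execute-dot-files

The SuSE aaa_base package installs some system accounts with home directories set to /tmp, which allows local users to gain privileges to those accounts by creating standard user startup scripts such as profiles.

ED_PRI CAN-2000-0433 1

VOTE:

=================================
Candidate: CAN-2000-0439
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000510 IE Domain Confusion Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000511135609.D7774@securityfocus.com
Reference: BUGTRAQ:20000511 IE Domain Confusion Vulnerability is an Email problem also
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NDBBKGHPMKBKDDGLDEEHAEHMDIAA.rms2000@bellatlantic.net
Reference: MS:MS00-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-033.asp
Reference: BID:1194
Reference: URL:http://www.securityfocus.com/bid/1194
Reference: XF:ie-cookie-disclosure

Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability.

ED_PRI CAN-2000-0439 1

VOTE:

=================================
Candidate: CAN-2000-0440
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: NETBSD:NetBSD-SA2000-002
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-002.txt.asc
Reference: BUGTRAQ:20000506 [NHC20000504a.0: NetBSD Panics when sent unaligned IP options]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0088.html
Reference: BID:1173
Reference: URL:http://www.securityfocus.com/bid/1173

NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option.

ED_PRI CAN-2000-0440 1

VOTE:

=================================
Candidate: CAN-2000-0457
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000511 Alert: IIS ism.dll exposes file contents
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95810120719608&w=2
Reference: MS:MS00-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-031.asp
Reference: BID:1193
Reference: URL:http://www.securityfocus.com/bid/1193

ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminating with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability.

ED_PRI CAN-2000-0457 1

VOTE:

=================================
Candidate: CAN-2000-0379
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000507 Advisory: Netopia R9100 router vulnerability
Reference: http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005082054.NAA32590@linux.mtndew.com
Reference: CONFIRM:http://www.netopia.com/equipment/purchase/fmw_update.html
Reference: BID:1177
Reference: URL:http://www.securityfocus.com/bid/1177
Reference: XF:netopia-snmp-comm-strings

The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so.

ED_PRI CAN-2000-0379 2

VOTE:

=================================
Candidate: CAN-2000-0427
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: unknown
Reference: L0PHT:20000504 eToken Private Information Extraction and Physical Attack
Reference: URL:http://www.l0pht.com/advisories/etoken-piepa.txt
Reference: XF:aladdin-etoken-pin-reset
Reference: BID:1170
Reference: URL:http://www.securityfocus.com/bid/1170

The Aladdin Knowledge Systems eToken device allows attackers with physical access to the device to obtain sensitive information without knowing the PIN of the owner by resetting the PIN in the EEPROM.

ED_PRI CAN-2000-0427 2

VOTE:

=================================
Candidate: CAN-2000-0428
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: NAI:20000503 Trend Micro InterScan VirusWall Remote Overflow
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/39_Trend.asp
Reference: BID:1168
Reference: URL:http://www.securityfocus.com/bid/1168
Reference: XF:interscan-viruswall-bo

Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and earlier allows a remote attacker to execute arbitrary commands via a long filename for a uuencoded attachment.

ED_PRI CAN-2000-0428 2

VOTE:

=================================
Candidate: CAN-2000-0378
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000502 pam_console bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0023.html
Reference: BID:1176
Reference: URL:http://www.securityfocus.com/bid/1176

The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but the ownership of some devices is not reset when the user logs out, which allows that user to sniff activity on these devices when subsequent users log in.

ED_PRI CAN-2000-0378 3

VOTE:

=================================
Candidate: CAN-2000-0381
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000505 Black Watch Labs Vulnerability Alert
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0067.html
Reference: MISC:http://www.perfectotech.com/blackwatchlabs/vul5_05.html
Reference: XF:http-cgi-dbman-db
Reference: BID:1178
Reference: URL:http://www.securityfocus.com/bid/1178

The Gossamer Threads DBMan db.cgi CGI script allows remote attackers to view environmental variables and setup information by referencing a non-existing database in the db parameter.

ED_PRI CAN-2000-0381 3

VOTE:

=================================
Candidate: CAN-2000-0383
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: XF:aolim-file-path
Reference: BugTraq Mailing List: "AOL Instant Messenger":
Reference: http://www.securityfocus.com/templates/archive.pike?list=1&msg=002401bfb918$7310d5a0$1ef084ce@karemor.com
Reference: BID:1180
Reference: URL:http://www.securityfocus.com/bid/1180

The file transfer component of AOL Instant Messenger (AIM) reveals the physical path of the transferred file to the remote recipient.

ED_PRI CAN-2000-0383 3

VOTE:

=================================
Candidate: CAN-2000-0384
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: CF
Reference: L0PHT:20000508 NetStructure 7180 remote backdoor vulnerability
Reference: URL:http://www.lopht.com/advisories/ipivot7110.html
Reference: L0PHT:20000508 NetStructure 7110 console backdoor
Reference: URL:http://www.l0pht.com/advisories/ipivot7180.html
Reference: CONFIRM:http://216.188.41.136/
Reference: XF:netstructure-root-compromise
Reference: XF:netstructure-wizard-mode
Reference: BID:1182
Reference: URL:http://www.securityfocus.com/bid/1182
Reference: BID:1183
Reference: URL:http://www.securityfocus.com/bid/1183

NetStructure 7110 and 7180 have undocumented accounts (servnow, root, and wizard) whose passwords are easily guessable from the NetStructure's MAC address, which could allow remote attackers to gain root access.

ED_PRI CAN-2000-0384 3

VOTE:

=================================
Candidate: CAN-2000-0385
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MISC:http://www.blueworld.com/blueworld/news/05.01.00-FM5_Security.html
Reference: CONFIRM:http://www.filemaker.com/support/webcompanion.html
Reference: XF:macos-filemaker-xml
Reference: XF:macos-filemaker-email

FileMaker Pro 5 Web Companion allows remote attackers to bypass field-level database security restrictions via the XML publishing or email capabilities.

ED_PRI CAN-2000-0385 3

VOTE:

=================================
Candidate: CAN-2000-0386
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MISC:http://www.blueworld.com/blueworld/news/05.01.00-FM5_Security.html
Reference: CONFIRM:http://www.filemaker.com/support/webcompanion.html
Reference: XF:macos-filemaker-anonymous-email

FileMaker Pro 5 Web Companion allows remote attackers to send anonymous or forged email.

ED_PRI CAN-2000-0386 3

VOTE:

=================================
Candidate: CAN-2000-0409
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000510 Possible symlink problems with Netscape 4.73
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0126.html
Reference: BID:1201
Reference: URL:http://www.securityfocus.com/bid/1201
Reference: XF:netscape-import-certificate-symlink

Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate.

ED_PRI CAN-2000-0409 3

VOTE:

=================================
Candidate: CAN-2000-0410
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: NTBUGTRAQ:20000510 Cold Fusion Server 4.5.1 DoS Vulnerability.
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0005&L=ntbugtraq&F=&S=&P=4843
Reference: XF:coldfusion-cfcache-dos
Reference: BID:1192
Reference: URL:http://www.securityfocus.com/bid/1192

Cold Fusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory.

ED_PRI CAN-2000-0410 3

VOTE:

=================================
Candidate: CAN-2000-0411
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000510 Black Watch Labs Vulnerability Alert
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0125.html
Reference: MISC:http://www.perfectotech.com/blackwatchlabs/vul5_10.html
Reference: XF:http-cgi-formmail-environment
Reference: BID:1187
Reference: URL:http://www.securityfocus.com/bid/1187

Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the env_report parameter.

ED_PRI CAN-2000-0411 3

VOTE:

=================================
Candidate: CAN-2000-0412
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000510 KNapster Vulnerability Compromises User-readable Files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0124.html
Reference: BUGTRAQ:20000510 Gnapster Vulnerability Compromises User-readable Files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0127.html
Reference: FREEBSD:FreeBSD-SA-00:18
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:18-gnapster.adv
Reference: XF:gnapster-view-files
Reference: BID:1186
Reference: URL:http://www.securityfocus.com/bid/1186

The gnapster and knapster clients for Napster do not properly restrict access only to MP3 files, which allows remote attackers to read arbitrary files from the client by specifying the full pathname for the file.

ED_PRI CAN-2000-0412 3

VOTE:

=================================
Candidate: CAN-2000-0413
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000506 shtml.exe reveal local path of IIS web directory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0084.html
Reference: BID:1174
Reference: URL:http://www.securityfocus.com/bid/1174
Reference: XF:iis-shtml-reveal-path

The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.

ED_PRI CAN-2000-0413 3

VOTE:

=================================
Candidate: CAN-2000-0417
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000505 Cayman 3220-H DSL Router DOS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0075.html
Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html
Reference: BID:1219
Reference: URL:http://www.securityfocus.com/bid/1219

The HTTP administration interface to the Cayman 3220-H DSL router allows remote attackers to cause a denial of service via a long username or password.

ED_PRI CAN-2000-0417 3

VOTE:

=================================
Candidate: CAN-2000-0422
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000504 Alert: DMailWeb buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95749276827558&w=2
Reference: XF:http-cgi-dmailweb-bo
Reference: BID:1171
Reference: URL:http://www.securityfocus.com/bid/1171

Buffer overflow in the Netwin DMailWeb CGI program allows remote attackers to execute arbitrary commands via a long utoken parameter.

ED_PRI CAN-2000-0422 3

VOTE:

=================================
Candidate: CAN-2000-0423
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000505 Alert: DNewsWeb buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95764950403250&w=2
Reference: XF:http-cgi-dnews-bo
Reference: BID:1172
Reference: URL:http://www.securityfocus.com/bid/1172

Buffer overflow in the Netwin DNEWSWEB CGI program allows remote attackers to execute arbitrary commands via long parameters such as group, cmd, and utag.

ED_PRI CAN-2000-0423 3

VOTE:

=================================
Candidate: CAN-2000-0425
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory0
Reference: BUGTRAQ:20000505 Alert: Listserv Web Archives (wa) buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0048.html
Reference: XF:http-cgi-listserv-wa-bo
Reference: BID:1167
Reference: URL:http://www.securityfocus.com/bid/1167

Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 allows remote attackers to execute arbitrary commands.

ED_PRI CAN-2000-0425 3

VOTE:

=================================
Candidate: CAN-2000-0426
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000505 Re: Fun with UltraBoard V1.6X
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0059.html
Reference: BID:1175
Reference: URL:http://www.securityfocus.com/bid/1175
Reference: XF:ultraboard-cgi-dos

UltraBoard 1.6 and other versions allow remote attackers to cause a denial of service by referencing UltraBoard in the Session parameter, which causes UltraBoard to fork copies of itself.

ED_PRI CAN-2000-0426 3

VOTE:

=================================
Candidate: CAN-2000-0429
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000427 Alert: Cart32 password backdoor (CISADV000427)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95686068203138&w=2
Reference: CONFIRM:http://www.cart32.com/kbshow.asp?article=c048

A backdoor password in Cart32 3.0 and earlier allows remote attackers to execute arbitrary commands.

ED_PRI CAN-2000-0429 3

VOTE:

=================================
Candidate: CAN-2000-0430
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000503 Another interesting Cart32 command
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95738697301956&w=2
Reference: XF:cart32-expdate

Cart32 allows remote attackers to access sensitive debugging information by appending /expdate to the URL request.

ED_PRI CAN-2000-0430 3

VOTE:

=================================
Candidate: CAN-2000-0458
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000424 Two Problems in IMP 2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95672120116627&w=2
Reference: XF:imp-tmpfile-view

The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information.

ED_PRI CAN-2000-0458 3

VOTE:

=================================
Candidate: CAN-2000-0459
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000424 Two Problems in IMP 2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95672120116627&w=2
Reference: XF:imp-wordfile-dos

IMP does not properly remove files if the MSWordView application quits, which allows local users to cause a denial of service by filling up the disk space by requesting a large number of documents and prematurely stopping the request.

ED_PRI CAN-2000-0459 3

VOTE: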

Page last updated or reviewed: May 22, 2007