Back to KEVs

CVE-2017-11774

Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft...

Basic Information

CVE State
PUBLISHED
Reserved Date
July 31, 2017
Published Date
October 13, 2017
Last Updated
October 21, 2025
Vendor
Microsoft Corporation
Product
Microsoft Outlook
Description
Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."
Tags
cisa microsoft

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2.0

6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2021-11-03 00:00:00 UTC) Source

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774 http://www.securityfocus.com/bid/101098 http://www.securitytracker.com/id/1039542 https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/

Known Exploited Vulnerability Information

Source Added Date
CISA 2021-11-03 00:00:00 UTC
CISA 2021-11-03 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Added to KEVIntel