CVE-2017-11774

Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft...

Basic Information

CVE State: PUBLISHED
Reserved Date: July 31, 2017
Published Date: October 13, 2017
Last Updated: February 10, 2025
Vendor: Microsoft Corporation
Product: Microsoft Outlook
Description: Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."

CVSS Scores

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2021-11-03 00:00:00 UTC) Source

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774 http://www.securityfocus.com/bid/101098 http://www.securitytracker.com/id/1039542 https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/

Known Exploited Vulnerability Information

Source	Added Date
CISA	2021-11-03 00:00:00 UTC