CyberSec.Space Logo
Back to CVE Browser

CVE-2017-11774

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score76.7270%
EPSS Percentile93.36th
PublishedOct 13, 2017
Last ModifiedApr 22, 2026

Vulnerability Description

Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

Outlook

= 2010
πŸ“¦
Microsoft

Outlook

= 2013
πŸ“¦
Microsoft

Outlook

= 2013
πŸ“¦
Microsoft

Outlook

= 2016

References & Advisories

πŸ”— http://www.securityfocus.com/bid/101098
πŸ”— http://www.securitytracker.com/id/1039542
πŸ”— https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774
πŸ”— https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/
πŸ”— http://www.securityfocus.com/bid/101098
πŸ”— http://www.securitytracker.com/id/1039542
πŸ”— https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774
πŸ”— https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/

Related Vulnerabilities

CVE-2004-038010.0

The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass do...

CVE-2001-053810.0

Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands...

CVE-1999-096710.0

Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource p...

CVE-2012-139110.0

Unspecified vulnerability in the mOffice - Outlook sync (com.innov8tion.isharesync) application 3.1 for Android has unknown impact...

CVE-2017-11774 Detail & Impact Analysis | CVSS 7.8 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space