CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2017-11774

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score76.7270%
EPSS Percentile93.36th
Published2017年10月13日
Last Modified2026年4月22日

Vulnerability Description

Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."

Affected Platforms (CPE)

📦
Microsoft

Outlook

= 2010
📦
Microsoft

Outlook

= 2013
📦
Microsoft

Outlook

= 2013
📦
Microsoft

Outlook

= 2016

References & Advisories

🔗 http://www.securityfocus.com/bid/101098
🔗 http://www.securitytracker.com/id/1039542
🔗 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774
🔗 https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/
🔗 http://www.securityfocus.com/bid/101098
🔗 http://www.securitytracker.com/id/1039542
🔗 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774
🔗 https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/

相關漏洞威脅

CVE-2004-038010.0

The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass do...

CVE-2001-053810.0

Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands...

CVE-1999-096710.0

Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource p...

CVE-2012-139110.0

Unspecified vulnerability in the mOffice - Outlook sync (com.innov8tion.isharesync) application 3.1 for Android has unknown impact...