CVE-2017-11774: Microsoft Office Outlook Security Feature Bypass Vulnerability
First published: Fri Oct 13 2017(Updated: )
Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."
Credit: secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Outlook | =sp1 | |
| Microsoft Outlook | =2010-sp2 | |
| Microsoft Outlook | =2013-sp1 | |
| Microsoft Outlook | =2016 | |
| Microsoft Outlook | =2013-sp1 | |
| Microsoft Outlook | =2013-sp1 | |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/101098
- http://www.securitytracker.com/id/1039542
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774
- https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/
- https://www.bleepingcomputer.com/news/security/new-specula-tool-uses-outlook-for-remote-code-execution-in-windows/
- https://nvd.nist.gov/vuln/detail/CVE-2017-11774
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/description
- agent/remedy
- agent/title
- agent/weakness
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/author
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2017-11774
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/references
- agent/softwarecombine
- agent/event
- collector/nvd-cve
- agent/last-modified-date
- agent/trending
- agent/tags
- agent/source
- vendor/microsoft
- canonical/microsoft outlook
- version/microsoft outlook/sp1
- version/microsoft outlook/2010-sp2
- version/microsoft outlook/2013-sp1
- version/microsoft outlook/2016
- canonical/microsoft office