CVE-2017-11774

Summary

Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."

Affected Software

VendorProductVersion RangeStatus
Microsoft CorporationMicrosoft OutlookMicrosoft Outlook 2010 SP2affected
Microsoft CorporationMicrosoft OutlookOutlook 2013 SP1 and RT SP1affected
Microsoft CorporationMicrosoft OutlookOutlook 2016affected

Weaknesses

  • Security Feature Bypass

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References