CVE-2017-11774

high-risk
Published 2017-10-13

Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."

Do I need to act?

!
84.6% chance of exploitation in next 30 days
EPSS score — higher than 15% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (4)

Affected Vendors

Microsoft

References (9)

Broken Link http://www.securityfocus.com/bid/101098
Broken Link http://www.securitytracker.com/id/1039542
Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-1177...
Exploit https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/
Broken Link http://www.securityfocus.com/bid/101098
Broken Link http://www.securitytracker.com/id/1039542
Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-1177...
Exploit https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-...
61
/ 100
high-risk
Severity 24/34 · High
Exploitability 27/34 · High
Exposure 10/34 · Low