Vulnerability Details CVE-2017-11774
Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.846
EPSS Ranking 99.3%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
Proposed Action
Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands.
Ransomware Campaign
Unknown
References
- http://www.securityfocus.com/bid/101098
- http://www.securitytracker.com/id/1039542
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774
- https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/
- http://www.securityfocus.com/bid/101098
- http://www.securitytracker.com/id/1039542
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774
- https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/