7.8

CVE-2017-11774

Warnung
Exploit

Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftOutlook Version2010 Updatesp2
MicrosoftOutlook Version2013 Updatesp1 SwEdition-
MicrosoftOutlook Version2013 Updatesp1 SwEditionrt
MicrosoftOutlook Version2016

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Office Outlook Security Feature Bypass Vulnerability

Schwachstelle

Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 82.85% 0.992
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/bid/101098
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id/1039542
Third Party Advisory
Broken Link
VDB Entry