7.8

CVE-2017-11774

Warning
Exploit

Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."

Data is provided by the National Vulnerability Database (NVD)
Microsoft Outlook | Version: 2010 | Update: sp2
Microsoft Outlook | Version: 2013 | Update: sp1 | SwEdition: -
Microsoft Outlook | Version: 2013 | Update: sp1 | SwEdition: rt
Microsoft Outlook | Version: 2016

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Vulnerability: Microsoft Office Outlook Security Feature Bypass Vulnerability

Description: Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands.

Required actions: Apply updates per vendor instructions.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 82.85% | 0.992

CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.