CVE-2017-11774

Published: Oct 13, 2017

Modified: Oct 21, 2025

PUBLISHED

Description

Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."

Vendor	Product	Versions
Microsoft Corporation	Microsoft Outlook	affected `Microsoft Outlook 2010 SP2` affected `Outlook 2013 SP1 and RT SP1` affected `Outlook 2016`

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774

x_refsource_CONFIRM

101098

vdb-entry

x_refsource_BID

1039542

vdb-entry

x_refsource_SECTRACK

https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-11774

Description

Affected Products

References