CVE-2017-11774

CVE Database · CVE-2017-11774

CVE-2017-11774

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

59.89%

Published

Oct 13, 2017

Modified

Apr 22, 2026

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2022-05-03

Apply updates per vendor instructions.

Public PoC / Exploit (2)

All weaponized →

TrickestTrickest PoC index GitHub PoCdevcoinfet/SniperRoost★1

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-119CWE-119

Affected Products (4)

microsoft · outlookvulnerable

References (9)

http://www.securityfocus.com/bid/101098

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039542

Broken LinkThird Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774

PatchVendor Advisory

https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/

Exploit

http://www.securityfocus.com/bid/101098

Broken LinkThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs