CVE-2017-11774

Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:outlook:2010:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:-:*:*:*
cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:*
cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*

History

25 Jul 2024, 13:42

Type Values Removed Values Added
CPE cpe:2.3:a:microsoft:outlook:*:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:*
cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:-:*:*:*
References () http://www.securityfocus.com/bid/101098 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/101098 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1039542 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1039542 - Broken Link, Third Party Advisory, VDB Entry
References () https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/ - () https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/ - Exploit

30 Aug 2021, 14:28

Type Values Removed Values Added
CPE cpe:2.3:a:microsoft:outlook_2013_rt:*:sp1:*:*:*:*:*:* cpe:2.3:a:microsoft:outlook:*:sp1:*:*:*:*:*:*

Information

Published : 2017-10-13 13:29

Updated : 2024-07-25 13:42


NVD link : CVE-2017-11774

Mitre link : CVE-2017-11774

CVE.ORG link : CVE-2017-11774


JSON object : View

Products Affected

microsoft

  • outlook
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer