CVE-2017-11774

Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
microsoftCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/101098
http://www.securitytracker.com/id/1039542
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774
https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/
http://www.securityfocus.com/bid/101098
http://www.securitytracker.com/id/1039542
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774
https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/