CVE-2017-11774

HIGH 7.8 (CVSS 3.1)
2017-10-13

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 26, 2026 - 11:18 (vuln.today)
Added to CISA KEV: Oct 22, 2025 - 00:16 (cisa)
PoC Detected: Oct 22, 2025 - 00:16 (vuln.today), public exploit code
Patch Released: Oct 22, 2025 - 00:16 (nvd), patch available
CVE Published: Oct 13, 2017 - 13:29 (nvd), HIGH 7.8

Description

Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."

Analysis

Microsoft Outlook 2010 through 2016 contains a security feature bypass that enables arbitrary command execution through crafted documents. APT33 (Elfin) has exploited it to execute commands directly from Outlook without macro warnings.

Technical Context

The CWE-119 vulnerability allows attackers to bypass Outlook's security restrictions by crafting content that triggers command execution through the Office object handling mechanism. Unlike macro-based attacks, this bypass executes without macro warnings, making it significantly more dangerous.

Affected Products

Microsoft Outlook 2010 SP2
Microsoft Outlook 2013 SP1/RT SP1
Microsoft Outlook 2016

Remediation

Apply the Microsoft security update. Implement strict email filtering. Block Office from creating child processes via Attack Surface Reduction (ASR) rules. Monitor for APT33 indicators.

Priority Score

204
KEV: +50
EPSS: +84.6
CVSS: +39
POC: +20
