High severity7.8CISA KEVNVD Advisory· Published Oct 13, 2017· Updated Apr 22, 2026

CVE-2017-11774

Description

Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."

Affected products

Microsoft/Outlook4 versions
cpe:2.3:a:microsoft:outlook:2010:sp2:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:microsoft:outlook:2010:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:-:*:*:*
- cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:*
- cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774nvdPatchVendor Advisory
sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/nvdExploit
www.securityfocus.com/bid/101098nvdBroken LinkThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1039542nvdBroken LinkThird Party AdvisoryVDB Entry
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.068
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000