TROYANOSYVIRUS
Volver a CVEs

CVE-2017-11774

HIGHCISA KEV
7.8

Descripcion

Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."

Detalles CVE

Puntuacion CVSS v3.17.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado10/13/2017
Ultima modificacion4/22/2026
Fuentekev
Avistamientos honeypot0

CISA KEV

VendedorMicrosoft
ProductoOffice
Nombre vulnerabilidadMicrosoft Office Outlook Security Feature Bypass Vulnerability
Fecha inclusion KEV2021-11-03
Fecha limite remediacion2022-05-03
Uso en ransomwareUnknown

Productos afectados

microsoft:outlook

Debilidades (CWE)

CWE-119CWE-119

Referencias

http://www.securityfocus.com/bid/101098(secure@microsoft.com)
http://www.securitytracker.com/id/1039542(secure@microsoft.com)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774(secure@microsoft.com)
https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/(secure@microsoft.com)
http://www.securityfocus.com/bid/101098(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1039542(af854a3a-2127-422b-91ae-364da2661108)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774(af854a3a-2127-422b-91ae-364da2661108)
https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11774(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.