CVE-2017-11774

HighKnown Exploited

Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how…

microsoft·CWE-119·Published 2017-10-13

CVSS

7.8

EPSS

0.60

KEV

Yes

Exploits

cve.orgen

240 chars

Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."

NVDen

240 chars

NVDes

284 chars

Microsoft Outlook 2010 SP2, Outlook 2013 SP1 y RT SP1 y Outlook 2016 permite a un atacante ejecutar comandos arbitrarios por la manera en la que Microsoft Office gestiona los objetos en la memoria. Esto también se conoce como "Microsoft Outlook Security Feature Bypass Vulnerability".

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
3.1	Primary	cve.org	7.8	—	—	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3.1	Primary	NVD	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	7.8	—	—	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H