{"cve":{"cve_id":"CVE-2017-11774","is_kev":true,"kev_date_added":"2021-11-03","kev_vendor_project":"Microsoft","kev_product":"Office","kev_vulnerability_name":"Microsoft Office Outlook Security Feature Bypass Vulnerability","kev_short_description":"Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands.","kev_required_action":"Apply updates per vendor instructions.","kev_due_date":"2022-05-03","kev_known_ransomware":false,"kev_notes":"https://nvd.nist.gov/vuln/detail/CVE-2017-11774","kev_cwes":["CWE-119"],"epss_score":0.59893,"epss_percentile":0.99009,"epss_as_of":"2026-06-23","description":"Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka \"Microsoft Outlook Security Feature Bypass Vulnerability.\"","published_at":"2017-10-13T13:00:00Z","last_modified_at":null,"cvss_v3_score":7.8,"cvss_v3_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"active","ssvc_automatable":false,"ssvc_technical_impact":"total","cwes":["CWE-119"],"nvd_references":["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774","http://www.securityfocus.com/bid/101098","http://www.securitytracker.com/id/1039542","https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:31.350578Z","updated_at":"2026-06-28T23:09:26.431687Z"},"effective_severity":"HIGH","badges":["kev","epss"],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"L","value_label":"Local"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"R","value_label":"Required"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"microsoft-corporation","vendor_name":"Microsoft Corporation","product_slug":"microsoft-outlook","product_name":"Microsoft Outlook","version_start":"Microsoft Outlook 2010 SP2","version_start_inclusive":true,"version_end":"Microsoft Outlook 2010 SP2","version_end_inclusive":true,"cpe23_uri":"cve5:microsoft-corporation:microsoft-outlook:Microsoft Outlook 2010 SP2:Microsoft Outlook 2010 SP2"},{"vendor_slug":"microsoft-corporation","vendor_name":"Microsoft Corporation","product_slug":"microsoft-outlook","product_name":"Microsoft Outlook","version_start":"Outlook 2013 SP1 and RT SP1","version_start_inclusive":true,"version_end":"Outlook 2013 SP1 and RT SP1","version_end_inclusive":true,"cpe23_uri":"cve5:microsoft-corporation:microsoft-outlook:Outlook 2013 SP1 and RT SP1:Outlook 2013 SP1 and RT SP1"},{"vendor_slug":"microsoft-corporation","vendor_name":"Microsoft Corporation","product_slug":"microsoft-outlook","product_name":"Microsoft Outlook","version_start":"Outlook 2016","version_start_inclusive":true,"version_end":"Outlook 2016","version_end_inclusive":true,"cpe23_uri":"cve5:microsoft-corporation:microsoft-outlook:Outlook 2016:Outlook 2016"}],"exploit_refs":[],"news":[],"references":[{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"http://www.securityfocus.com/bid/101098","source_type":"MISC","tags":[]},{"url":"http://www.securitytracker.com/id/1039542","source_type":"MISC","tags":[]},{"url":"https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2017-10-13T13:00:00Z","label":"CVE published","source":null},{"type":"cisa_reported","at":"2021-11-03T00:00:00Z","label":"Added to CISA KEV catalog","source":"kev"},{"type":"ssvc_changed","at":"2026-06-24T00:31:06.710831Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:06.710831Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:06.710831Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:06.710831Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:06.710831Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:06.710831Z","label":"CVSS score revised","source":"vulnrichment"}]}