Security Team Intelligence
Trending CVEs for the Week of July 8th, 2019
- Jul 10, 2019
- Michael Tucker
CVE-2017-11774 – Microsoft Outlook Security Feature Bypass Vulnerability
Description
A security feature bypass vulnerability exists when Microsoft Outlook improperly handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary commands.
Affected Products
- Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
- Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
- Microsoft Outlook 2013 RT Service Pack 1
- Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
- Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
- Microsoft Outlook 2016 (32-bit edition)
- Microsoft Outlook 2016 (64-bit edition)
Exploitation and Risk
Currently, there is no working exploitation, however, an attacker can leverage this issue to bypass certain security restrictions and execute arbitrary commands in the context of the affected application; this may aid in launching further attacks.
Fixes
There are no workarounds or mitigations, but Microsoft has released software updates that address this vulnerability and upgrading to the newest version of the affected products is required to fix the issue.
