Trending CVEs for the Week of July 8th, 2019

CVE-2017-11774 – Microsoft Outlook Security Feature Bypass Vulnerability

Description

A security feature bypass vulnerability exists when Microsoft Outlook improperly handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary commands.

Affected Products

  • Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
  • Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
  • Microsoft Outlook 2013 RT Service Pack 1
  • Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
  • Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
  • Microsoft Outlook 2016 (32-bit edition)
  • Microsoft Outlook 2016 (64-bit edition)

Exploitation and Risk

There is currently no working exploit. However, an attacker can leverage this issue to bypass certain security restrictions and execute arbitrary commands in the context of the affected application, which may aid in launching further attacks.

Fixes

There are no workarounds or mitigations. Microsoft has released software updates that address this vulnerability, and upgrading to the newest version of the affected products is required to fix the issue.

References

National Vulnerability Database

Microsoft Security Updates