Trending CVEs for the Week of July 8th, 2019
CVE-2017-11774 – Microsoft Outlook Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Microsoft Outlook improperly handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary commands.
Affected Products
- Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
- Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
- Microsoft Outlook 2013 RT Service Pack 1
- Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
- Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
- Microsoft Outlook 2016 (32-bit edition)
- Microsoft Outlook 2016 (64-bit edition)
Exploitation and Risk
Currently, there is no working exploit; however, an attacker can leverage this issue to bypass certain security restrictions and execute arbitrary commands in the context of the affected application, which may aid in launching further attacks.
There are no workarounds or mitigations. Microsoft has released software updates that address this vulnerability, and upgrading to the newest version of the affected products is required to fix the issue.