7.8
CVSSv3

CVE-2017-11774

Published: 13/10/2017 Updated: 30/08/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 607
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an malicious user to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft outlook 2010

microsoft outlook 2016

microsoft outlook

microsoft outlook 2013

Github Repositories

A Powershell module including a couple of cmdlets for EWS Enum/Exploitation.

A couple of Cmdlets leveraging EWS API (In case access over MAPI is limited) for performing specific enumeration/exploitation tasks on Exchange Servers (Office365, Premises-based Servers etc) during RT engagements; Retrieving basic statistics about mailboxes, generating statistics charts for compromized accounts and average mail data size that could be exfiltrated which can

used to generate a valid attack chain to exploit CVE-2017-11774 tied to iranian apt only reasearch poc dont use for harm please

SniperRoost used to generate a valid attack chain to exploit CVE-2017-11774 tied to iranian apt only reasearch poc dont use for harm please

Awesome CVE PoC ✍️ A curated list of CVE PoCs Here is a collection about Proof of Concepts of C

Awesome CVE PoC ✍️ A curated list of CVE PoCs Here is a collection about Proof of Concepts of C

✍️ A curated list of CVE PoCs.

Awesome CVE PoC ✍️ A curated list of CVE PoCs Here is a collection about Proof of Concepts of C

Recent Articles

US Cyber Command warns that the Outlook is not so good - Iranians hitting email flaw
The Register • Shaun Nichols in San Francisco • 03 Jul 2019

Government-backed campaign going after bug that was patched in 2017

An ongoing Iranian government-backed hacking campaign is now trying to exploit a Microsoft Outlook flaw from 2017.
The US Cyber Command has issued an alert that hackers have been actively going after CVE-2017-11774. The flaw is a sandbox escape bug in Outlook that allows an attacker who already possesses the victim's Outlook credentials to change the user's home page. That page, in turn, can have embedded code that downloads and executes malware when Outlook is opened.
The timing of ...

US Cyber Command warns that the Outlook is not so good - Iranians hitting email flaw
The Register • Shaun Nichols in San Francisco • 03 Jul 2019

Government-backed campaign going after bug that was patched in 2017

An ongoing Iranian government-backed hacking campaign is now trying to exploit a Microsoft Outlook flaw from 2017.
The US Cyber Command has issued an alert that hackers have been actively going after CVE-2017-11774. The flaw is a sandbox escape bug in Outlook that allows an attacker who already possesses the victim's Outlook credentials to change the user's home page. That page, in turn, can have embedded code that downloads and executes malware when Outlook is opened.
The timing of ...

OVERRULED: Containing a Potentially Destructive Adversary
Fireeye Threat Research • by Geoff Ackerman, Rick Cole, Andrew Thompson, Alex Orleans, Nick Carr • 21 Dec 2018

UPDATE (Jul. 3, 2019): On May 16, 2019 FireEye's Advanced Practices
team attributed the remaining "suspected APT33 activity"
(referred to as GroupB in this blog post) to APT33, operating at the
behest of the Iranian government. The malware and tradecraft in this
blog post are consistent with the June
2019 intrusion campaign targeting U.S. federal government
agencies and financial, retail, media, and education sectors – as
well as U.S.
Cyber...

OVERRULED: Containing a Potentially Destructive Adversary
Fireeye Threat Research • by Geoff Ackerman, Rick Cole, Andrew Thompson, Alex Orleans, Nick Carr • 21 Dec 2018

Introduction
FireEye assesses APT33 may be behind a series of intrusions and attempted intrusions within the engineering industry. Public reporting indicates this activity may be related to recent destructive attacks. FireEye's Managed Defense has responded to and contained numerous intrusions that we assess are related. The actor is leveraging publicly available tools in early phases of the intrusion; however, we have observed them transition to custom implants in later stage activity in ...