CVE-2017-11774
Published: 13 October 2017
Summary
CVE-2017-11774 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Microsoft Outlook. Its CVSS base score is 7.8 (High).
Operationally, it is ranked in the top 0.6% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).
Deeper analysis
Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 are affected by CVE-2017-11774, a security feature bypass vulnerability that stems from how Microsoft Office handles objects in memory. The flaw is tracked under CWE-119 and carries a CVSS 3.1 score of 7.8, enabling an attacker to execute arbitrary commands.
An unauthenticated local attacker can exploit the issue by supplying a specially crafted object that triggers the memory-handling flaw when Outlook opens or processes it. Successful exploitation fully compromises the confidentiality, integrity, and availability of the affected system and requires only user interaction, such as opening a malicious message or file.
The Microsoft Security Response Center advisory at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774 and related bulletins at SecurityFocus and SecurityTracker provide official guidance on available patches and mitigations for the listed Outlook versions. Additional technical analysis appears in references such as the SensePost blog post on Outlook home-page vectors.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-3382
Vulnerability details
Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."
- CWE(s): CWE-119
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
- Directly requires applying the vendor patches that close the memory-handling flaw in Outlook before a crafted object can be processed.
- Requires malicious-code detection mechanisms on email clients and attachments that can block the specially crafted objects used to exploit CVE-2017-11774.
- Enforces least-functionality restrictions on Outlook (e.g., disabling automatic rendering or external object loading) that reduce the attack surface for memory-based command execution.