CVE-2017-11774
published 2017-10-13CVE-2017-11774: Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles…
PriorityP181high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2022-05-03
Exploited in the wild
EPSS
59.89%
99.0th percentile
Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft_corporation | microsoft_outlook | — | — |
| microsoft_corporation | microsoft_outlook | — | — |
| microsoft_corporation | microsoft_outlook | — | — |
| msrc | microsoft_outlook_2010_service_pack_2 | — | — |
| msrc | microsoft_outlook_2013_rt_service_pack_1 | — | — |
| msrc | microsoft_outlook_2013_service_pack_1 | — | — |
| msrc | microsoft_outlook_2016 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
snort↗
SID 1:8068
- →Monitor for creation or modification of Outlook WebView registry keys under HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\WebView\ pointing to external URLs, which is the mechanism used by the Specula tool and APT33 to establish persistence via CVE-2017-11774. ↗
- →Detect VBScript or JScript execution spawned from or within the context of outlook.exe, as the attacker-controlled home page serves custom VBScript files for arbitrary command execution. ↗
- →Alert on Snort SID 1:8068 (Browser-plugins class) for network-level detection of CVE-2017-11774 exploitation attempts. ↗
- →Use Check Point IPS blade signature 'Microsoft Outlook Security Feature Bypass (CVE-2017-11774)' for network-level detection of active exploitation by APT33. ↗
- →Hunt for the Outlook Home Page (T1137.004) persistence technique; OilRig/APT34 abused this feature and used CVE-2017-11774 to roll back the patch protecting against Home Page abuse.
- ·Even fully patched Office 365 builds remain vulnerable to the Specula/CVE-2017-11774 technique via registry manipulation, because Microsoft removed the UI but did not prevent registry-based home page configuration. ↗
- ·Initial device compromise is required to set the malicious Outlook registry entry, but once set the technique enables persistence and lateral movement without further exploitation. ↗
- ·Qualys QID 110306 can be used to scan for CVE-2017-11774 exposure in the environment. ↗
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vulncheck7.8HIGH
cisa7.8HIGH
vendor_msrc7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA
Microsoft Office Outlook Security Feature Bypass Vulnerability
cisa·2021-11-03·CVSS 7.8
CVE-2017-11774 [HIGH] CWE-119 Microsoft Office Outlook Security Feature Bypass Vulnerability
Vulnerability: Microsoft Office Outlook Security Feature Bypass Vulnerability
Affected: Microsoft Office
Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-11774
Remediation Due Date: 2022-05-03
Microsoft
Microsoft Outlook Security Feature Bypass Vulnerability
vendor_msrc·2017-10-10·CVSS 7.8
CVE-2017-11774 [HIGH] Microsoft Outlook Security Feature Bypass Vulnerability
Microsoft Outlook Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists when Microsoft Outlook improperly handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary commands.
In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability, and then convince users to open the document file and interact with the document.
The security update addresses the vulnerability by correcting how Microsoft Outlook handles objects in memory.
Microsoft Office: Microsoft Office
Issuing CNA: Microsoft
Impact: Security Feature Bypass
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Soft
GHSA
GHSA-9cq3-gr97-qxf7: Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office
ghsa_unreviewed·2022-05-13
CVE-2017-11774 [HIGH] CWE-119 GHSA-9cq3-gr97-qxf7: Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office
Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."
VulnCheck
Microsoft Office Outlook Security Feature Bypass Vulnerability
vulncheck·2017·CVSS 7.8
CVE-2017-11774 [HIGH] CWE-119 Microsoft Office Outlook Security Feature Bypass Vulnerability
Microsoft Office Outlook Security Feature Bypass Vulnerability
Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands.
Affected: Microsoft Office
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html; https://www.tenable.com/blog/daisy-chaining-how-vulnerabilities-can-be-greater-than-the-sum-of-their-parts; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.tenable.com/blog/frequently-asked-questions-about-iranian-cyber-operations; https://www.picussecurity.com/resource/irani
No detection rules found.
No public exploits indexed.
Wiz
What is APT33? | Wiz
blogs_wiz·2026-02-06
What is APT33? | Wiz
## Who is APT33?
APT33 is an Iranian state-sponsored advanced persistent threat (APT) group that has been conducting cyber espionage operations since at least 2013. The group is distinct from other Iranian actors due to its specific focus on aerospace and energy sectors, aiming to steal intellectual property that directly benefits Iran's domestic industries. Security researchers assess that APT33 likely operates in support of Iran's Islamic Revolutionary Guard Corps (IRGC), based on targeting patterns that align with national military priorities. This assessment reflects moderate-to-high confidence attribution derived from operational timing, victim selection, and tooling overlap with other Iranian clusters.
Click to view the Cloud Threat Landscape
### Attribution and aliases
Security
Wiz
What is APT33? | Wiz
blogs_wiz·2026-02-06
What is APT33? | Wiz
## Who is APT33?
APT33 is an Iranian state-sponsored advanced persistent threat (APT) group that has been conducting cyber espionage operations since at least 2013. The group is distinct from other Iranian actors due to its specific focus on aerospace and energy sectors, aiming to steal intellectual property that directly benefits Iran's domestic industries. Security researchers assess that APT33 likely operates in support of Iran's Islamic Revolutionary Guard Corps (IRGC), based on targeting patterns that align with national military priorities. This assessment reflects moderate-to-high confidence attribution derived from operational timing, victim selection, and tooling overlap with other Iranian clusters.
## Attribution and aliases
Security vendors often track the same threat actors
Tenable
Frequently Asked Questions About Iranian Cyber Operations
blogs_tenable·2025-06-27
Frequently Asked Questions About Iranian Cyber Operations
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Bleepingcomputer
New Specula tool uses Outlook for remote code execution in Windows
blogs_bleepingcomputer·2024-07-29·CVSS 7.8
[HIGH] New Specula tool uses Outlook for remote code execution in Windows
## New Specula tool uses Outlook for remote code execution in Windows
## Sergiu Gatlan
However, even though Microsoft patched the flaw and removed the user interface to show Outlook home pages, attackers can still create malicious home pages using Windows Registry values, even on systems where the latest Office 365 builds are installed.
As Trusted explains , Specula runs purely in Outlook's context, and it works by setting a custom Outlook home page via registry keys that call out to an interactive Python web server.
To do that, non-privileged threat actors can set a URL target in Outlook's WebView registry entries under HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\WebView\ to an external website under their control.
The attacker-controlled Outlook home page is designed to
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
#### Table of Contents
- Situation
- Directive Scope
- CISA Catalog of Known Exploited Vulnerabilities
- Detect CISA Vulnerabilities Using Qualys VMDR
- CISA Exploited RTI
- Detailed Operational Dashboard
- Remediation
- Federal Enterprises and Agencies Can Act Now
- Summary
- Getting Started
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Qualys
Unpacking the CVEs in the FireEye Breach – Start Here First
blogs_qualys·2021-02-01·CVSS 7.8
CVE-2020-1472 [HIGH] Unpacking the CVEs in the FireEye Breach – Start Here First
In a blog post on Dec. 22, 2020, Qualys revealed it has identified 7.5 million instances of vulnerability to the stolen FireEye Red Team assessment tools across an anonymized set of its 15,700-member customer base.
Of the 7.5 million instances of vulnerability, 99.84% were caused by only 8 CVEs, and over 99% were caused by these five CVEs: CVE-2020-1472, CVE-2019-0604, CVE-2017-11774, CVE-2016-0167 and CVE-2019-0708.
In this article, we examine the five CVEs in detail to:
Help SOC and operational security teams understand the behavioral aspects of these CVEs and plan defensive strategies;
Help threat hunting teams understand their threat attributes and associated attack vectors and take defensive actions against adversaries actively exploiting these CVEs.
From a threat perspective, we
Qualys
Unpacking the CVEs in the FireEye Breach - Start Here First | Qualys
blogs_qualys·2021-02-01·CVSS 7.8
CVE-2020-1472 [HIGH] Unpacking the CVEs in the FireEye Breach - Start Here First | Qualys
In a blog post on Dec. 22, 2020, Qualys revealed it has identified 7.5 million instances of vulnerability to the stolen FireEye Red Team assessment tools across an anonymized set of its 15,700-member customer base.
Of the 7.5 million instances of vulnerability, 99.84% were caused by only 8 CVEs, and over 99% were caused by these five CVEs: CVE-2020-1472, CVE-2019-0604, CVE-2017-11774, CVE-2016-0167 and CVE-2019-0708.
In this article, we examine the five CVEs in detail to:
1. Help SOC and operational security teams understand the behavioral aspects of these CVEs and plan defensive strategies;
2. Help threat hunting teams understand their threat attributes and associated attack vectors and take defensive actions against adversaries actively exploiting these CVEs.
From a threat perspectiv
Tenable
Daisy Chaining: How Vulnerabilities Can Be Greater Than the Sum of Their Parts
blogs_tenable·2021-01-21
Daisy Chaining: How Vulnerabilities Can Be Greater Than the Sum of Their Parts
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Qualys
Qualys Security Advisory: SolarWinds / FireEye
blogs_qualys·2020-12-22
Qualys Security Advisory: SolarWinds / FireEye
## Qualys Researchers found Millions of devices exposed to vulnerabilities used in the stolen FireEye Red Team tools and SolarWinds Orion by analyzing the anonymized set of vulnerabilities across Qualys’ worldwide customer base
## Qualys to offer a free 60-day integrated Vulnerability Management, Detection and Response service to help organizations quickly assess the devices impacted by SolarWinds Orion vulnerabilities, SUNBURST Trojan detections, or FireEye Red Team tools, and to remediate them and track their remediation via dynamic dashboards. Register at https://www.qualys.com/solarhack/
On Dec 8, FireEye disclosed the theft of its Red Team assessment tools which leverage over 16 known CVE’s to exploit client environments to test and validate their security posture. FireEye also conf
Unit42
Threat Brief: FireEye Red Team Tool Breach
blogs_unit42·2020-12-11
Threat Brief: FireEye Red Team Tool Breach
Threat Research Center
High Profile Threats
Vulnerabilities
## Threat Brief: FireEye Red Team Tool Breach
Unit 42
Published: December 10, 2020
High Profile Threats
Malware
Vulnerabilities
FireEye breach
## Executive Summary
On Dec. 8, 2020, one of the leading cybersecurity companies in the industry, FireEye, reported a breach and data exfiltration unlike any that we have seen previously. What makes this attack unique is not only the target, FireEye being a well-known cybersecurity company, but that the stolen data contains the internal, custom-crafted red-team and penetration testing tools used by the company to imitate different threat actors during customer security consultations. FireEye’s blog provided a wealth of information for defenders to implement security controls
Unit42
Threat Brief: FireEye Red Team Tool Breach
blogs_unit42·2020-12-11
Threat Brief: FireEye Red Team Tool Breach
## Executive Summary
On Dec. 8, 2020, one of the leading cybersecurity companies in the industry, FireEye, reported a breach and data exfiltration unlike any that we have seen previously. What makes this attack unique is not only the target, FireEye being a well-known cybersecurity company, but that the stolen data contains the internal, custom-crafted red-team and penetration testing tools used by the company to imitate different threat actors during customer security consultations. FireEye’s blog provided a wealth of information for defenders to implement security controls and mitigations for defense against the stolen tools. This data is being used by Palo Alto Networks to help ensure our customers are protected if the attackers choose to utilize the tools for malicious purposes.
It i
Fortinet
FireEye Red Team Tool Breach | Fortinet
blogs_fortinet·2020-12-11·CVSS 8.8
[HIGH] FireEye Red Team Tool Breach | Fortinet
PSIRT BLOGS
FireEye Red Team Tool Breach
By Carl Windsor | December 11, 2020
Executive Summary
On December 8th cyber security vendor FireEye reported a breach of their network and data exfiltration which included their internally developed Red Team tools. FireEye took the step of publishing details of these tools in a GitHub repository to allow other vendors to protect against their use by potential adversaries.
This breach has been attributed to a nation state threat actor so we do not expect to see these tools be widely abused in the wild, however with the additional information provided by FireEye, Fortinet have been able to ensure that these tools cannot be abused.
Threat Mitigation
None of the vulnerabilities disclosed as targeted in the tools were zero days, therefore FortiGuard
Qualys
Solorigate/Sunburst : Theft of Cybersecurity Tools | FireEye Breach
blogs_qualys·2020-12-10
Solorigate/Sunburst : Theft of Cybersecurity Tools | FireEye Breach
Update Jan 5, 2021 : New patching section with two new dashboard widgets showing the number of missing FireEye-related patches in your environment and the number of assets in your environment missing one of those patches.
Update Dec 23, 2020 : Added a new section on compensating controls.
Update Dec 22, 2020: FireEye disclosed the theft of their Red Team assessment tools. Hackers now have an influential collection of new techniques to draw upon.
Using Qualys VMDR, the vulnerabilities for Solorigate/SUNBURST can be prioritized for the following Real-Time Threat Indicators (RTIs):
Active Attacks
Solorigate Sunburst ( New RTI )
Original post : On December 8, 2020, FireEye disclosed theft of their Red Team assessment tools. These tools are used by FireEye to test and validate the securit
Qualys
Solorigate/Sunburst : Theft of Cybersecurity Tools | FireEye Breach | Qualys
blogs_qualys·2020-12-10
Solorigate/Sunburst : Theft of Cybersecurity Tools | FireEye Breach | Qualys
Update Jan 5, 2021: New patching section with two new dashboard widgets showing the number of missing FireEye-related patches in your environment and the number of assets in your environment missing one of those patches.
Update Dec 23, 2020: Added a new section on compensating controls.
Update Dec 22, 2020: FireEye disclosed the theft of their Red Team assessment tools. Hackers now have an influential collection of new techniques to draw upon.
Using Qualys VMDR, the vulnerabilities for Solorigate/SUNBURST can be prioritized for the following Real-Time Threat Indicators (RTIs):
- Active Attacks
- Solorigate Sunburst (New RTI)
Original post: On December 8, 2020, FireEye disclosed theft of their Red Team assessment tools. These tools are used by FireEye to test and validate the security
Zscaler
SolarWinds CyberAttack and FireEye Red Team Tools Coverage
blogs_zscaler·2020-12-09
SolarWinds CyberAttack and FireEye Red Team Tools Coverage
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
Checkpoint
8th July – Threat Intelligence Bulletin
blogs_checkpoint·2019-07-08·CVSS 7.8
CVE-2018-7600 [HIGH] 8th July – Threat Intelligence Bulletin
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 8th July – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 8th July 2019, please download our Threat Intelligence Bulletin
TOP ATTACKS AND BREACHES
The Japanese-American international convenience store 7/11 has shut down its new mobile payment app after threat actors stole $500,000 from its users. The attackers were able to perform unwanted charges on customers’ accounts due to a flaw in the password reset function, which allows anyone to reset the password for other cu
Talos
2018 in Snort Rules
blogs_talos·2019-02-06
2018 in Snort Rules
This blog post was authored by Benny Ketelslegers of Cisco Talos
The cybersecurity field shifted quite a bit in 2018. With the boom of cryptocurrency, we saw a transition from ransomware to cryptocurrency miners. Talos researchers identified APT campaigns including VPNFilter, predominantly affecting small business and home office networking equipment, as well as Olympic Destroyer, apparently designed to disrupt the Winter Olympics.
But these headline-generating attacks were only a small part of the day-to-day protection provided by security systems. In this post, we'll review some of the findings created by investigating the most frequently triggered SNORTⓇ rules as reported by Cisco Meraki systems. These rules protected our customers from some of the most common attacks that, even though
Talos
Microsoft Patch Tuesday - October 2017
blogs_talos·2017-10-10·CVSS 8.8
[HIGH] Microsoft Patch Tuesday - October 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 63 new vulnerabilities with 28 of them rated critical and 35 rated important. These vulnerabilities impact Graphics, Edge, Internet Explorer, Office, Sharepoint, Windows Graphic Display Interface, Windows Kernel Mode Drivers, and more.
## Vulnerabilities Rated CriticalThe following vulnerabilities are rated "Critical" by Microsoft:
- CVE-2017-11813 - Internet Explorer Memory Corruption Vulnerability
- CVE-2017-11822 - Internet Explorer Memory Corruption Vulnerability
- CVE-2017-11762 - Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2017-11763 - Microsoft Graphics Remote Code Execution Vulnerabi
Threat Intel
OilRig (OilRig, COBALT GYPSY, IRN2)
threat_intel
OilRig (OilRig, COBALT GYPSY, IRN2)
# Threat Actor Profile: OilRig
ATT&CK ID: G0049
Also known as: OilRig, COBALT GYPSY, IRN2, APT34, Helix Kitten, Evasive Serpens, Hazel Sandstorm, EUROPIUM, ITG13, Earth Simnavaz, Crambus, TA452
Suspected origin: Iran
## Overview
OilRig is a suspected Iranian threat group that has targeted Middle Eastern and international victims since at least 2014. The group has targeted a variety of sectors, including financial, government, energy, chemical, and telecommunications. It appears the group carries out supply chain attacks, leveraging the trust relationship between organizations to attack their primary targets. The group works on behalf of the Iranian government based on infrastructure details that contain references to Iran, use of Iranian infrastructure, and targeting that aligns with nati
Threat Intel
APT33 (APT33, HOLMIUM, Elfin)
threat_intel
APT33 (APT33, HOLMIUM, Elfin)
# Threat Actor Profile: APT33
ATT&CK ID: G0064
Also known as: APT33, HOLMIUM, Elfin, Peach Sandstorm
Suspected origin: Iran
## Overview
APT33 is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted organizations across multiple industries in the United States, Saudi Arabia, and South Korea, with a particular interest in the aviation and energy sectors.(Citation: FireEye APT33 Sept 2017)(Citation: FireEye APT33 Webinar Sept 2017)
## Techniques (TTPs)
### Resource Development
- T1588.002 Tool
Usage: APT33 has obtained and leveraged publicly-available tools for early intrusion activities.(Citation: FireEye APT33 Guardrail)(Citation: Symantec Elfin Mar 2019)
### Initial Access
- T1566.001 Spearphishing Attachment
Usage: APT33 has sent
http://www.securityfocus.com/bid/101098http://www.securitytracker.com/id/1039542https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/http://www.securityfocus.com/bid/101098http://www.securitytracker.com/id/1039542https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11774
2017-10-13
Published
2021-11-03
Added to CISA KEV
Exploited in the wild