CVE-2017-11776
Published: 2017-10-13
CVE-2017-11776: Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka "Microsoft Outlook…
Priority P342 · high · 7.5 · CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 9.39% (94.8th percentile)
Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka "Microsoft Outlook Information Disclosure Vulnerability."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | outlook | — | — |
| microsoft_corporation | microsoft_outlook | — | — |
| msrc | microsoft_outlook_2016 | — | — |
CVSS provenance
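| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_msrc | | 7.5 | HIGH | |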
Microsoft
Microsoft Outlook Information Disclosure Vulnerability
vendor_msrc·2017-10-10·CVSS 7.5
CVE-2017-11776 [HIGH] Microsoft Outlook Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Microsoft Outlook fails to establish a secure connection.
An attacker who exploited the vulnerability could use it to obtain the email content of a user.
The security update addresses the vulnerability by preventing Outlook from disclosing user email content.
Microsoft Office: Microsoft Office
Issuing CNA: Microsoft
Impact: Information Disclosure
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Unlikely; Older Software Release: N/A; DOS: N/A
Reference: https://www.microsoft.com/downloads/details.aspx?familyid=982a95fa-4f1a-47f3-b862-cdc9b5a3967d
GHSA
GHSA-67jx-559h-x478: Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka "Microsoft
ghsa_unreviewed·2022-05-17
CVE-2017-11776 [HIGH] CWE-200 GHSA-67jx-559h-x478: Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka "Microsoft
Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka "Microsoft Outlook Information Disclosure Vulnerability."
No detection rules found.
No public exploits indexed.
Krebs
Microsoft’s October Patch Batch Fixes 62 Flaws
blogs_krebs·2017-10-11·CVSS 7.5
[HIGH] Microsoft’s October Patch Batch Fixes 62 Flaws
Microsoft on Tuesday released software updates to fix at least 62 security vulnerabilities in Windows, Office and other software. Two of those flaws were detailed publicly before yesterday’s patches were released, and one of them is already being exploited in active attacks, so attackers already have a head start.
Roughly half of the flaws Microsoft addressed this week are in the code that makes up various versions of Windows, and 28 of them were labeled “critical” — meaning malware or malicious attackers could use the weaknesses to break into Windows computers remotely with no help from users.
One of the publicly disclosed Windows flaws (CVE-2017-8703) fixed in this batch is a problem with a feature only present in Windows 10 known as the Windows Subsystem for Linux, which allows Wi
Krebs
Microsoft’s October Patch Batch Fixes 62 Flaws
blogs_krebs·2017-10-11·CVSS 7.5
CVE-2017-8703 [HIGH] Microsoft’s October Patch Batch Fixes 62 Flaws
Microsoft on Tuesday released software updates to fix at least 62 security vulnerabilities in Windows, Office and other software. Two of those flaws were detailed publicly before yesterday’s patches were released, and one of them is already being exploited in active attacks, so attackers already have a head start.
One of the publicly disclosed Windows flaws (CVE-2017-8703) fixed in this batch is a problem with a feature only present in Windows 10 known as the Windows Subsystem for Linux, which allows Windows 10 users to run unmodified Linux binary files. Researchers at CheckPoint recently released some interesting research worth reading about how attackers might soon use this capability to bypass antivirus and other security solutions on Windows.
The bug quashed this week that’s being ac
Talos
Microsoft Patch Tuesday - October 2017
blogs_talos·2017-10-10·CVSS 8.8
[HIGH] Microsoft Patch Tuesday - October 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 63 new vulnerabilities with 28 of them rated critical and 35 rated important. These vulnerabilities impact Graphics, Edge, Internet Explorer, Office, Sharepoint, Windows Graphic Display Interface, Windows Kernel Mode Drivers, and more.
## Vulnerabilities Rated Critical
The following vulnerabilities are rated "Critical" by Microsoft:
- CVE-2017-11813 - Internet Explorer Memory Corruption Vulnerability
- CVE-2017-11822 - Internet Explorer Memory Corruption Vulnerability
- CVE-2017-11762 - Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2017-11763 - Microsoft Graphics Remote Code Execution Vulnerabi
- http://www.securityfocus.com/bid/101106
- http://www.securitytracker.com/id/1039542
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11776
Published: 2017-10-13