Search criteria
11 vulnerabilities found for Microsoft Outlook by Microsoft Corporation
CVE-2018-0850 (GCVE-0-2018-0850)
Vulnerability from cvelistv5 – Published: 2018-02-15 02:00 – Updated: 2024-09-17 02:58
VLAI?
Summary
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability".
Severity ?
No CVSS data available.
CWE
- Important
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Outlook |
Affected:
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:44:10.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0850"
},
{
"name": "1040382",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040382"
},
{
"name": "102866",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102866"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Outlook",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run"
}
]
}
],
"datePublic": "2018-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka \"Microsoft Outlook Elevation of Privilege Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Important",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0850"
},
{
"name": "1040382",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040382"
},
{
"name": "102866",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102866"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-02-13T00:00:00",
"ID": "CVE-2018-0850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Outlook",
"version": {
"version_data": [
{
"version_value": "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka \"Microsoft Outlook Elevation of Privilege Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Important"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0850",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0850"
},
{
"name": "1040382",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040382"
},
{
"name": "102866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102866"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0850",
"datePublished": "2018-02-15T02:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-17T02:58:20.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0793 (GCVE-0-2018-0793)
Vulnerability from cvelistv5 – Published: 2018-01-10 01:00 – Updated: 2024-09-16 20:41
VLAI?
Summary
Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0791.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Outlook |
Affected:
Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040154",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040154"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0793"
},
{
"name": "102375",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102375"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Outlook",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka \"Microsoft Outlook Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0791."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1040154",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040154"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0793"
},
{
"name": "102375",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102375"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2018-0793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Outlook",
"version": {
"version_data": [
{
"version_value": "Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka \"Microsoft Outlook Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0791."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040154",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040154"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0793",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0793"
},
{
"name": "102375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102375"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0793",
"datePublished": "2018-01-10T01:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-16T20:41:56.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0791 (GCVE-0-2018-0791)
Vulnerability from cvelistv5 – Published: 2018-01-10 01:00 – Updated: 2024-09-16 20:16
VLAI?
Summary
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0793.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Outlook |
Affected:
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040154",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040154"
},
{
"name": "102383",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102383"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0791"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Outlook",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka \"Microsoft Outlook Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0793."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1040154",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040154"
},
{
"name": "102383",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102383"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0791"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2018-0791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Outlook",
"version": {
"version_data": [
{
"version_value": "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka \"Microsoft Outlook Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0793."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040154",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040154"
},
{
"name": "102383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102383"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0791",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0791"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0791",
"datePublished": "2018-01-10T01:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-16T20:16:21.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11774 (GCVE-0-2017-11774)
Vulnerability from cvelistv5 – Published: 2017-10-13 13:00 – Updated: 2025-10-21 23:55
VLAI?
Summary
Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."
Severity ?
7.8 (High)
CWE
- Security Feature Bypass
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Outlook |
Affected:
Microsoft Outlook 2010 SP2
Affected: Outlook 2013 SP1 and RT SP1 Affected: Outlook 2016 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:39.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774"
},
{
"name": "101098",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101098"
},
{
"name": "1039542",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039542"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-11774",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T14:45:34.549770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11774"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:55:31.465Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11774"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2017-11774 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Outlook",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Outlook 2010 SP2"
},
{
"status": "affected",
"version": "Outlook 2013 SP1 and RT SP1"
},
{
"status": "affected",
"version": "Outlook 2016"
}
]
}
],
"datePublic": "2017-10-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka \"Microsoft Outlook Security Feature Bypass Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Security Feature Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-11T18:16:14.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774"
},
{
"name": "101098",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101098"
},
{
"name": "1039542",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039542"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-10-10T00:00:00",
"ID": "CVE-2017-11774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Outlook",
"version": {
"version_data": [
{
"version_value": "Microsoft Outlook 2010 SP2"
},
{
"version_value": "Outlook 2013 SP1 and RT SP1"
},
{
"version_value": "Outlook 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka \"Microsoft Outlook Security Feature Bypass Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774"
},
{
"name": "101098",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101098"
},
{
"name": "1039542",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039542"
},
{
"name": "https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/",
"refsource": "MISC",
"url": "https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-11774",
"datePublished": "2017-10-13T13:00:00.000Z",
"dateReserved": "2017-07-31T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:55:31.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11776 (GCVE-0-2017-11776)
Vulnerability from cvelistv5 – Published: 2017-10-13 13:00 – Updated: 2024-09-16 23:36
VLAI?
Summary
Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka "Microsoft Outlook Information Disclosure Vulnerability."
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Outlook |
Affected:
Microsoft Outlook 2016
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:39.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11776"
},
{
"name": "101106",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101106"
},
{
"name": "1039542",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039542"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Outlook",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Outlook 2016"
}
]
}
],
"datePublic": "2017-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka \"Microsoft Outlook Information Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-14T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11776"
},
{
"name": "101106",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101106"
},
{
"name": "1039542",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039542"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-10-10T00:00:00",
"ID": "CVE-2017-11776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Outlook",
"version": {
"version_data": [
{
"version_value": "Microsoft Outlook 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka \"Microsoft Outlook Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11776",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11776"
},
{
"name": "101106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101106"
},
{
"name": "1039542",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039542"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-11776",
"datePublished": "2017-10-13T13:00:00Z",
"dateReserved": "2017-07-31T00:00:00",
"dateUpdated": "2024-09-16T23:36:35.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0850 (GCVE-0-2018-0850)
Vulnerability from nvd – Published: 2018-02-15 02:00 – Updated: 2024-09-17 02:58
VLAI?
Summary
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability".
Severity ?
No CVSS data available.
CWE
- Important
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Outlook |
Affected:
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:44:10.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0850"
},
{
"name": "1040382",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040382"
},
{
"name": "102866",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102866"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Outlook",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run"
}
]
}
],
"datePublic": "2018-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka \"Microsoft Outlook Elevation of Privilege Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Important",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0850"
},
{
"name": "1040382",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040382"
},
{
"name": "102866",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102866"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-02-13T00:00:00",
"ID": "CVE-2018-0850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Outlook",
"version": {
"version_data": [
{
"version_value": "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka \"Microsoft Outlook Elevation of Privilege Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Important"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0850",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0850"
},
{
"name": "1040382",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040382"
},
{
"name": "102866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102866"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0850",
"datePublished": "2018-02-15T02:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-17T02:58:20.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0793 (GCVE-0-2018-0793)
Vulnerability from nvd – Published: 2018-01-10 01:00 – Updated: 2024-09-16 20:41
VLAI?
Summary
Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0791.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Outlook |
Affected:
Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040154",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040154"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0793"
},
{
"name": "102375",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102375"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Outlook",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka \"Microsoft Outlook Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0791."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1040154",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040154"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0793"
},
{
"name": "102375",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102375"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2018-0793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Outlook",
"version": {
"version_data": [
{
"version_value": "Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka \"Microsoft Outlook Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0791."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040154",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040154"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0793",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0793"
},
{
"name": "102375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102375"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0793",
"datePublished": "2018-01-10T01:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-16T20:41:56.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0791 (GCVE-0-2018-0791)
Vulnerability from nvd – Published: 2018-01-10 01:00 – Updated: 2024-09-16 20:16
VLAI?
Summary
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0793.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Outlook |
Affected:
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040154",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040154"
},
{
"name": "102383",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102383"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0791"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Outlook",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka \"Microsoft Outlook Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0793."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1040154",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040154"
},
{
"name": "102383",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102383"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0791"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2018-0791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Outlook",
"version": {
"version_data": [
{
"version_value": "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka \"Microsoft Outlook Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0793."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040154",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040154"
},
{
"name": "102383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102383"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0791",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0791"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0791",
"datePublished": "2018-01-10T01:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-16T20:16:21.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11774 (GCVE-0-2017-11774)
Vulnerability from nvd – Published: 2017-10-13 13:00 – Updated: 2025-10-21 23:55
VLAI?
Summary
Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."
Severity ?
7.8 (High)
CWE
- Security Feature Bypass
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Outlook |
Affected:
Microsoft Outlook 2010 SP2
Affected: Outlook 2013 SP1 and RT SP1 Affected: Outlook 2016 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:39.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774"
},
{
"name": "101098",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101098"
},
{
"name": "1039542",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039542"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-11774",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T14:45:34.549770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11774"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:55:31.465Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11774"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2017-11774 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Outlook",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Outlook 2010 SP2"
},
{
"status": "affected",
"version": "Outlook 2013 SP1 and RT SP1"
},
{
"status": "affected",
"version": "Outlook 2016"
}
]
}
],
"datePublic": "2017-10-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka \"Microsoft Outlook Security Feature Bypass Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Security Feature Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-11T18:16:14.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774"
},
{
"name": "101098",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101098"
},
{
"name": "1039542",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039542"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-10-10T00:00:00",
"ID": "CVE-2017-11774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Outlook",
"version": {
"version_data": [
{
"version_value": "Microsoft Outlook 2010 SP2"
},
{
"version_value": "Outlook 2013 SP1 and RT SP1"
},
{
"version_value": "Outlook 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka \"Microsoft Outlook Security Feature Bypass Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774"
},
{
"name": "101098",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101098"
},
{
"name": "1039542",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039542"
},
{
"name": "https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/",
"refsource": "MISC",
"url": "https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-11774",
"datePublished": "2017-10-13T13:00:00.000Z",
"dateReserved": "2017-07-31T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:55:31.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11776 (GCVE-0-2017-11776)
Vulnerability from nvd – Published: 2017-10-13 13:00 – Updated: 2024-09-16 23:36
VLAI?
Summary
Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka "Microsoft Outlook Information Disclosure Vulnerability."
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Outlook |
Affected:
Microsoft Outlook 2016
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:39.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11776"
},
{
"name": "101106",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101106"
},
{
"name": "1039542",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039542"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Outlook",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Outlook 2016"
}
]
}
],
"datePublic": "2017-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka \"Microsoft Outlook Information Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-14T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11776"
},
{
"name": "101106",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101106"
},
{
"name": "1039542",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039542"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-10-10T00:00:00",
"ID": "CVE-2017-11776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Outlook",
"version": {
"version_data": [
{
"version_value": "Microsoft Outlook 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka \"Microsoft Outlook Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11776",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11776"
},
{
"name": "101106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101106"
},
{
"name": "1039542",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039542"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-11776",
"datePublished": "2017-10-13T13:00:00Z",
"dateReserved": "2017-07-31T00:00:00",
"dateUpdated": "2024-09-16T23:36:35.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2011-000040
Vulnerability from jvndb - Published: 2011-06-16 12:25 - Updated:2011-06-16 12:25Summary
Microsoft Outlook read receipt function vulnerability
Details
Microsoft Outlook contains a vulnerability in the read receipt function.
Microsoft Outlook contains a vulnerability in the read receipt function. A read receipt may be sent unintentionally, notifying the sender that the email was received.
Ayako Kozakai of NTT DATA SECURITY CORPORATION reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000040.html",
"dc:date": "2011-06-16T12:25+09:00",
"dcterms:issued": "2011-06-16T12:25+09:00",
"dcterms:modified": "2011-06-16T12:25+09:00",
"description": "Microsoft Outlook contains a vulnerability in the read receipt function.\r\n\r\nMicrosoft Outlook contains a vulnerability in the read receipt function. A read receipt may be sent unintentionally, notifying the sender that the email was received.\r\n\r\nAyako Kozakai of NTT DATA SECURITY CORPORATION reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000040.html",
"sec:cpe": {
"#text": "cpe:/a:microsoft:outlook",
"@product": "Microsoft Outlook",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000040",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN40382909/index.html",
"@id": "JVN#40382909",
"@source": "JVN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Microsoft Outlook read receipt function vulnerability"
}