NVD - CVE-2017-11774 (original) (raw)

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
http://www.securityfocus.com/bid/101098	CVE, Microsoft Corporation	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039542	CVE, Microsoft Corporation	Broken Link Third Party Advisory VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774	CVE, Microsoft Corporation	Patch Vendor Advisory
https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/	CVE, Microsoft Corporation	Exploit
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11774	CISA-ADP	US Government Resource

Change History

13 change records found show changes

Modified Analysis by NIST 4/22/2026 9:48:34 AM

Action	Type	Old Value	New Value
Added	Reference Type		CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field\_cve=CVE-2017-11774 Types: US Government Resource

CVE Modified by CISA-ADP 10/21/2025 8:16:02 PM

Action	Type	Old Value	New Value
Added	Reference		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field\_cve=CVE-2017-11774

CVE Modified by CISA-ADP 10/21/2025 4:16:46 PM

Action	Type	Old Value	New Value
Removed	Reference	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field\_cve=CVE-2017-11774

CVE Modified by CISA-ADP 10/21/2025 3:17:02 PM

Action	Type	Old Value	New Value
Added	Reference		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field\_cve=CVE-2017-11774

Modified Analysis by NIST 2/11/2025 12:02:15 PM

Action	Type	Old Value	New Value

CVE Modified by CISA-ADP 2/10/2025 3:15:39 PM

Action	Type	Old Value	New Value
Added	CVSS V3.1		AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Added	CWE		CWE-119

CVE Modified by CVE 11/20/2024 10:08:28 PM

Action	Type	New Value
Added	Reference	http://www.securityfocus.com/bid/101098
Added	Reference	http://www.securitytracker.com/id/1039542
Added	Reference	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774
Added	Reference	https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/

Modified Analysis by NIST 7/25/2024 9:42:48 AM

Action	Type	Old Value	New Value
Added	CVSS V3.1		NIST AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Removed	CVSS V3	NIST AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Changed	CPE Configuration	OR cpe:2.3:a:microsoft:outlook::sp1:::::: cpe:2.3:a:microsoft:outlook:2010:sp2::::::* cpe:2.3:a:microsoft:outlook:2013:sp1::::::* cpe:2.3:a:microsoft:outlook:2016:::::::	OR cpe:2.3:a:microsoft:outlook:2010:sp2::::::* cpe:2.3:a:microsoft:outlook:2013:sp1:::-::: cpe:2.3:a:microsoft:outlook:2013:sp1:::rt::: cpe:2.3:a:microsoft:outlook:2016:::::::
Changed	Reference Type	http://www.securityfocus.com/bid/101098 Third Party Advisory, VDB Entry	http://www.securityfocus.com/bid/101098 Broken Link, Third Party Advisory, VDB Entry
Changed	Reference Type	http://www.securitytracker.com/id/1039542 Third Party Advisory, VDB Entry	http://www.securitytracker.com/id/1039542 Broken Link, Third Party Advisory, VDB Entry
Changed	Reference Type	https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/ No Types Assigned	https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/ Exploit

CVE Modified by Microsoft Corporation 5/14/2024 12:17:14 AM

Action	Type	Old Value	New Value

CPE Deprecation Remap by NIST 8/30/2021 10:28:27 AM

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:a:microsoft:outlook_2013_rt::sp1::::::	OR cpe:2.3:a:microsoft:outlook::sp1::::::

CVE Modified by Microsoft Corporation 7/11/2019 3:15:12 PM

Action	Type	Old Value	New Value
Added	Reference		https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/ [No Types Assigned]

Initial Analysis by NIST 11/03/2017 12:25:18 PM

Action	Type	Old Value	New Value
Added	CVSS V3		AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Added	CVSS V2		(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Added	CWE		CWE-119
Added	CPE Configuration		OR cpe:2.3:a:microsoft:outlook:2010:sp2::::::* cpe:2.3:a:microsoft:outlook:2013:sp1::::::* cpe:2.3:a:microsoft:outlook:2016::::::: cpe:2.3:a:microsoft:outlook_2013_rt::sp1::::::
Changed	Reference Type	http://www.securityfocus.com/bid/101098 No Types Assigned	http://www.securityfocus.com/bid/101098 Third Party Advisory, VDB Entry
Changed	Reference Type	http://www.securitytracker.com/id/1039542 No Types Assigned	http://www.securitytracker.com/id/1039542 Third Party Advisory, VDB Entry
Changed	Reference Type	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774 No Types Assigned	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774 Patch, Vendor Advisory

CVE Modified by Microsoft Corporation 10/14/2017 9:29:01 PM

Action	Type	Old Value	New Value
Added	Reference		http://www.securityfocus.com/bid/101098 [No Types Assigned]
Added	Reference		http://www.securitytracker.com/id/1039542 [No Types Assigned]