CVE-2017-0204

MEDIUM

Microsoft Outlook <2016 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-0204. PoCs published by ryhanson.

AI-analyzed exploit summary The repository contains only a README.md file with minimal content (just the CVE identifier) and no exploit code or technical details. It is a placeholder with no functional or analytical value.

Description

Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability."

Exploits (1)

nomisec STUB

by ryhanson · poc

https://github.com/ryhanson/CVE-2017-0204

View Code ZIP pw:eip

The repository contains only a README.md file with minimal content (just the CVE identifier) and no exploit code or technical details. It is a placeholder with no functional or analytical value.

Classification

Stub 100%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: unknown

No auth needed

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1038227

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0204

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/97458

Scores

CVSS v3 5.5

EPSS 0.1901

EPSS Percentile 97.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

Status published

Products (5)

microsoft/outlook 2007 sp3

microsoft/outlook 2010 sp2

microsoft/outlook 2013 sp1

microsoft/outlook 2016

Microsoft Corporation/Outlook Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016

Published Apr 12, 2017

Tracked Since Feb 18, 2026