CVE-2014-1776

Published: 27/04/2014 Updated: 12/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 892
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that "VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediate, effective workaround to help block known attacks."

Vulnerable Product

microsoft internet explorer 6

microsoft internet explorer 11

microsoft internet explorer 10

microsoft internet explorer 9

microsoft internet explorer 8

microsoft internet explorer 7

Recent Articles

Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak
Symantec Threat Intelligence Blog • Security Response Attack Investigation Team • 06 May 2024

Windows zero day was exploited by Buckeye alongside Equation Group tools during 2016 attacks. Exploit and tools continued to be used after Buckeye's apparent disappearance in 2017.

Posted: 6 May, 2019. Key Findings: The Buckeye attack group was using Equation Group tools to gain persistent ac...

Microsoft Updates Internet Explorer against Highly Targeted 0day Distributing Pirpi
Securelist • Kurt Baumgartner • 01 May 2014

The patch is up! Microsoft is pushing out an Out of Band (OOB) security update MS14-021 to address the recently disclosed Internet Explorer 0day exploit incidents involving a known, high end threat actor. Cheers to a quick response from such a large vendor on this issue! The story goes like this. The week of the 20th, attackers known to send very well crafted emails to high value targets made an attempt to redirect folks’ browsers to sites hosting the IE 0day. The goal of the attacks was to de...

Microsoft: You know we said NO MORE XP PATCHES? Well ...
The Register • Neil McAllister in San Francisco • 01 May 2014

IE vuln forces rethink on mercy bullet for elderly OS support

Microsoft has released patches for the latest critical security vulnerability plaguing Internet Explorer, including for Windows XP – despite months of claiming that it would never release another patch for the outdated OS past April 8 of this year. According to a blog post by Microsoft's general manager of Trustworthy Computing, Adrienne Hall, Redmond only relented on its threat to leave XP users twisting in the wind because vulnerability CVE-2014-1776 was disclosed so soon after the patch cu...

Friends don't let friends use Internet Explorer – advice from US, UK, EU
The Register • Simon Sharwood • 27 Apr 2014

IE 6 to 11 at risk of hijacking, patch coming – but not for XP

Microsoft has warned of a new security flaw in all versions of its Internet Explorer web browser for Windows PCs. A patch has yet to be released for the crocked code. Vulnerability CVE-2014-1776, to give the problem its formal name, allows miscreants to hijack at-risk Windows computers. It's all due to “the way Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated”, the software giant explained on Saturday. The flaw means the browser “may c...