Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2014-1776)
Severity: CRITICAL
CVE Identifier: CVE-2014-1776
Advisory Date: JUL 21, 2015
DESCRIPTION
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that "VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediate, effective workaround to help block known attacks."
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1006030
Trend Micro Deep Security DPI Rule Name: 1006030 - Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2014-1776)
AFFECTED SOFTWARE AND VERSION
- microsoft internet_explorer 10
- microsoft internet_explorer 11
- microsoft internet_explorer 6
- microsoft internet_explorer 7
- microsoft internet_explorer 8
- microsoft internet_explorer 9