Gravedad: Crítico
  Identificadores de CVE : CVE-2014-1776
  Fecha recomendada: 21 de julio de 2015

  Descripción

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that "VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediate, effective workaround to help block known attacks."

  Revelación de la información

Apply associated Trend Micro DPI Rules.

  Soluciones

  Trend Micro Deep Security DPI Rule Number: 1006030
  Trend Micro Deep Security DPI Rule Name: 1006030 - Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2014-1776)

  Software y versión afectados

  • microsoft internet_explorer 10
  • microsoft internet_explorer 11
  • microsoft internet_explorer 6
  • microsoft internet_explorer 7
  • microsoft internet_explorer 8
  • microsoft internet_explorer 9