Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2014-1776)
Publish date: 21 de julio de 2015
Gravedad: Crítico
Identificadores de CVE : CVE-2014-1776
Fecha recomendada: 21 de julio de 2015
Descripción
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that "VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediate, effective workaround to help block known attacks."
Revelación de la información
Apply associated Trend Micro DPI Rules.
Soluciones
Trend Micro Deep Security DPI Rule Number: 1006030
Trend Micro Deep Security DPI Rule Name: 1006030 - Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2014-1776)
Software y versión afectados
- microsoft internet_explorer 10
- microsoft internet_explorer 11
- microsoft internet_explorer 6
- microsoft internet_explorer 7
- microsoft internet_explorer 8
- microsoft internet_explorer 9