Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2014-1776)

  Severity: CRITICAL
  CVE Identifier: CVE-2014-1776
  Advisory Date: JUL 21, 2015

  DESCRIPTION

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that "VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediate, effective workaround to help block known attacks."

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1006030
  Trend Micro Deep Security DPI Rule Name: 1006030 - Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2014-1776)

  AFFECTED SOFTWARE AND VERSION

  • microsoft internet_explorer 10
  • microsoft internet_explorer 11
  • microsoft internet_explorer 6
  • microsoft internet_explorer 7
  • microsoft internet_explorer 8
  • microsoft internet_explorer 9

Featured Stories