Summary
This host is missing a critical security update according to Microsoft Bulletin MS14-021.
Impact
Successful exploitation allows attackers to corrupt memory and execute arbitrary code in the context of the current user.
Impact Level: System/Application
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory at https://technet.microsoft.com/en-us/security/bulletin/ms14-021
Insight
The flaw exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated.
Affected
Microsoft Internet Explorer version 6.x/7.x/8.x/9.x/10.x/11.x
Detection
Get the version of the vulnerable file and check whether the appropriate patch has been applied.
References
- http://secunia.com/advisories/57908
- http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html
- http://www.kb.cert.org/vuls/id/222929
- http://www.osvdb.com/106311
- https://technet.microsoft.com/library/security/2963983
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2014-1776
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Cumulative Security Update for Internet Explorer (969897)
- Microsoft DirectShow Remote Code Execution Vulnerability (2929961)
- Microsoft .NET Framework Multiple Vulnerabilities (2916607)
- Microsoft DirectShow Remote Code Execution Vulnerability (977935)
- ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258)