Summary
This host is missing a critical security update according to Microsoft Bulletin MS14-021.
Impact
Successful exploitation will allow attackers to corrupt memory by the execution of arbitrary code in the context of the current user.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, https://technet.microsoft.com/en-us/security/bulletin/ms14-021
Insight
The flaw exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated.
Affected
Microsoft Internet Explorer version 6.x/7.x/8.x/9.x/10.x/11.x
Detection
Get the vulnerable file version and check appropriate patch is applied or not.
References
- http://secunia.com/advisories/57908
- http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html
- http://www.kb.cert.org/vuls/id/222929
- http://www.osvdb.com/106311
- https://technet.microsoft.com/library/security/2963983
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2014-1776 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Consent User Interface Privilege Escalation Vulnerability (2442962)
- Microsoft Active Directory LDAP Remote Code Execution Vulnerability (969805)
- Microsoft Internet Explorer Multiple Code Execution Vulnerabilities (974455)
- Microsoft Hyper-V Privilege Elevation Vulnerability (2893986)
- Host Integration Server RPC Service Remote Code Execution Vulnerability (956695)