Summary
This host is missing a critical security update according to Microsoft Bulletin MS14-021.
Impact
Successful exploitation will allow attackers to corrupt memory by the execution of arbitrary code in the context of the current user.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, https://technet.microsoft.com/en-us/security/bulletin/ms14-021
Insight
The flaw exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated.
Affected
Microsoft Internet Explorer version 6.x/7.x/8.x/9.x/10.x/11.x
Detection
Get the vulnerable file version and check appropriate patch is applied or not.
References
- http://secunia.com/advisories/57908
- http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html
- http://www.kb.cert.org/vuls/id/222929
- http://www.osvdb.com/106311
- https://technet.microsoft.com/library/security/2963983
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2014-1776 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft .NET Framework Remote Code Execution Vulnerability (2706726)
- Microsoft Group Policy Remote Code Execution Vulnerability (3000483)
- Consent User Interface Privilege Escalation Vulnerability (2442962)
- Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)
- Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2604930)