Summary
This host is missing a critical security update according to Microsoft Bulletin MS14-021.
Impact
Successful exploitation will allow attackers to corrupt memory by the execution of arbitrary code in the context of the current user.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, https://technet.microsoft.com/en-us/security/bulletin/ms14-021
Insight
The flaw exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated.
Affected
Microsoft Internet Explorer version 6.x/7.x/8.x/9.x/10.x/11.x
Detection
Get the vulnerable file version and check appropriate patch is applied or not.
References
- http://secunia.com/advisories/57908
- http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html
- http://www.kb.cert.org/vuls/id/222929
- http://www.osvdb.com/106311
- https://technet.microsoft.com/library/security/2963983
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2014-1776 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Active Directory LDAP Remote Code Execution Vulnerability (969805)
- Message Queuing Remote Code Execution Vulnerability (951071) - Remote
- Microsoft Internet Explorer Memory Corruption Vulnerability (2755801)
- Microsoft IIS Authentication Remote Code Execution Vulnerability (982666)
- Microsoft Expression Design Remote Code Execution Vulnerability (2651018)