CVE-2014-1776

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that "VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediate, effective workaround to help block known attacks."

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://blogs.technet.com/b/srd/archive/2014/04/30/protection-strategies-for-the-security-advisory-2963983-ie-0day.aspx	Mitigation
http://secunia.com/advisories/57908
http://securitytracker.com/id?1030154
http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html	Broken Link
http://www.kb.cert.org/vuls/id/222929	Mitigation Third Party Advisory US Government Resource
http://www.osvdb.org/106311
http://www.securityfocus.com/bid/67075	VDB Entry
http://www.signalsec.com/cve-2014-1776-ie-0day-analysis/	Third Party Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-021
https://technet.microsoft.com/library/security/2963983	Mitigation Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:internet_explorer:6:::::::*
	cpe:2.3:a:microsoft:internet_explorer:7:::::::*
	cpe:2.3:a:microsoft:internet_explorer:8:::::::*
	cpe:2.3:a:microsoft:internet_explorer:9:::::::*
	cpe:2.3:a:microsoft:internet_explorer:10:::::::*
	cpe:2.3:a:microsoft:internet_explorer:11:::::::*

History

No history.

Information

Published : 2014-04-27 10:55

Updated : 2018-10-12 22:06

NVD link : CVE-2014-1776

Mitre link : CVE-2014-1776

CVE.ORG link : CVE-2014-1776

JSON object : View

Products Affected

microsoft

internet_explorer

CWE

CWE-416

Use After Free

{"id": "CVE-2014-1776", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-04-27T10:55:03.340", "references": [{"url": "http://blogs.technet.com/b/srd/archive/2014/04/30/protection-strategies-for-the-security-advisory-2963983-ie-0day.aspx", "tags": ["Mitigation"], "source": "secure@microsoft.com"}, {"url": "http://secunia.com/advisories/57908", "source": "secure@microsoft.com"}, {"url": "http://securitytracker.com/id?1030154", "source": "secure@microsoft.com"}, {"url": "http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html", "tags": ["Broken Link"], "source": "secure@microsoft.com"}, {"url": "http://www.kb.cert.org/vuls/id/222929", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.osvdb.org/106311", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/67075", "tags": ["VDB Entry"], "source": "secure@microsoft.com"}, {"url": "http://www.signalsec.com/cve-2014-1776-ie-0day-analysis/", "tags": ["Third Party Advisory"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-021", "source": "secure@microsoft.com"}, {"url": "https://technet.microsoft.com/library/security/2963983", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that \"VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediate, effective workaround to help block known attacks.\""}, {"lang": "es", "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de memoria en Microsoft Internet Explorer 6 hasta la versi\u00f3n 11 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de vectores relacionados con la funci\u00f3n CMarkup::IsConnectedToPrimaryMarkup, tal como fue explotado activamente en abril de 2014. NOTA: este problema se enfatiz\u00f3 originalmente en VGX.DLL, pero Microsoft aclar\u00f3 que \"VGX.DLL no contiene el c\u00f3digo vulnerable aprovechado en esta explotaci\u00f3n. La deshabilitaci\u00f3n de VGX.DLL es una soluci\u00f3n espec\u00edfica para la explotaci\u00f3n que aporta una soluci\u00f3n inmediata y efectiva para ayudar a bloquear ataques conocidos\"."}], "lastModified": "2018-10-12T22:06:04.047", "cisaActionDue": "2022-07-28", "cisaExploitAdd": "2022-01-28", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15BAAA8C-7AF1-46CE-9FFB-3A498508A1BF"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Microsoft Internet Explorer Memory Corruption Vulnerability"}