Back to KEVs

CVE-2014-1776

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of...

Basic Information

CVE State
PUBLISHED
Reserved Date
January 29, 2014
Published Date
April 27, 2014
Last Updated
May 29, 2025
Vendor
Microsoft
Product
Internet Explorer
Description
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that "VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediate, effective workaround to help block known attacks."
Tags
cisa

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2022-01-28 00:00:00 UTC) Source

References

http://securitytracker.com/id?1030154 http://www.osvdb.org/106311 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-021 http://blogs.technet.com/b/srd/archive/2014/04/30/protection-strategies-for-the-security-advisory-2963983-ie-0day.aspx http://secunia.com/advisories/57908 http://www.signalsec.com/cve-2014-1776-ie-0day-analysis/ http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html http://www.kb.cert.org/vuls/id/222929 https://technet.microsoft.com/library/security/2963983 http://www.securityfocus.com/bid/67075

Known Exploited Vulnerability Information

Source Added Date
CISA 2022-01-28 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel