| CVE-ID |
CVE-2014-1776
|
• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
|
| Description |
| Use-after-free vulnerability in Microsoft Internet Explorer 6 through
11 allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption) via vectors related to the
CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild
in April 2014. NOTE: this issue originally emphasized VGX.DLL, but
Microsoft clarified that "VGX.DLL does not contain the vulnerable code
leveraged in this exploit. Disabling VGX.DLL is an exploit-specific
workaround that provides an immediate, effective workaround to help
block known attacks."
|
| References |
|
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
|
|
|
| Date Entry Created |
| 20140129 |
Disclaimer: The entry creation date may reflect when
the CVE-ID was allocated or reserved, and does not
necessarily indicate when this vulnerability was
discovered, shared with the affected vendor, publicly
disclosed, or updated in CVE.
|
| Phase (Legacy) |
| Assigned (20140129) |
| Votes (Legacy) |
|
| Comments (Legacy) |
|
| Proposed (Legacy) |
| N/A |
|
This is an entry on the CVE
list, which standardizes names for security
problems. |
|
|
|
For More Information: [email protected]
|
