0-Day Fixes

VULNERABILITY IN INTERNET EXPLORER COULD ALLOW REMOTE CODE EXECUTION

Summary

A vulnerability in versions 6 - 11 of the Microsoft Internet Explorer web browser may, if successfully exploited, allow a remote attacker to execute arbitrary code in the context of the current user. Microsoft has received reports of limited, targeted attacks against this vulnerability in the wild.

Detailed Description


A vulnerability in the way Internet Explorer accesses an object in memory that has been deleted or improperly allocated can corrupt the memory and allow an attacker to execute arbitrary code in Internet Explorer in the context of the current user.

Successful exploitation may gain the attacker the same user rights as the current user; if the user has full administrative privileges on the system, the attacker may gain complete control of the system.

In order to exploit this vulnerability, the attacker must lure a user into viewing a specially crafted webpage. The restricted Enhanced Security Configuration mode set as default on some versions of Windows Server (2003, 2008, 2008 R2, 2012 and 2012 R2) mitigates this vulnerability.

CVE Reference


  • CVE-2014-1776

Detected Exploit


Detections

  • Exploit:JS/CVE-2014-1776.A

Databases

  • Hydra database version 2014-04-29_03 at 20:50:41 UTC

Release Dates

  • 29 April 2014

Solution


Update (2 May 2014): A patch for CVE-2014-1776 has been released in a security update, as addressed in this report: Security update for Internet Explorer.

Instructions for a workaround and use of the Enhanced Mitigation Experience Toolkit (EMET) are available in the Microsoft Security Advisory 2963983.

Removal/Disinfection

Allow F-Secure Internet Security or F-Secure Anti-Virus to block installation of malicious files, and to remove or disinfect malicious files if found on the system.

Original Source


Microsoft Security Advisory 2963983

SCAN & CLEAN?: YES FREE?: ABSOLUTELY

Scan and clean your PC with F-Secure's Online Scanner. The best thing is, its free!

Learn More Try Out Now!