Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Security Update for Internet Explorer


Report ID: MS201405001
Date Published: 2 May 2014

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Internet Explorer 11
Internet Explorer 10
Internet Explorer 9
Internet Explorer 8
Internet Explorer 7
Internet Explorer 6
 




Summary

Microsoft has released a security update that addresses a critical vulnerability in versions 6 to 11 of the Internet Explorer web browser. There have been reports of targeted attacks against this vulnerability in the wild.



Detailed Description

A vulnerability (CVE-2014-1776) in the way Internet Explorer accesses an object in memory that has been deleted or improperly allocated can corrupt the memory and allow an attacker to execute arbitrary code in Internet Explorer in the context of the current user.

Successful exploitation may gain the attacker the same user rights as the current user; if the user has full administrative privileges on the system, the attacker may gain complete control of the system.



CVE Reference

CVE-2014-1776



Solution

Install the latest security patch for applicable systems, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms14-021)



Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.