0-Day Fixes

Vulnerability in Internet Explorer could allow remote code execution

Report ID: CVE20141776
Date Published: 30 April 2014
Date Revised: 2 May 2014
Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9
Internet Explorer 10
Internet Explorer 11


A vulnerability in versions 6 - 11 of the Microsoft Internet Explorer web browser may, if successfully exploited, allow a remote attacker to execute arbitrary code in the context of the current user. Microsoft has received reports of limited, targeted attacks against this vulnerability in the wild.

Detailed Description

A vulnerability in the way Internet Explorer accesses an object in memory that has been deleted or improperly allocated can corrupt the memory and allow an attacker to execute arbitrary code in Internet Explorer in the context of the current user.

Successful exploitation may gain the attacker the same user rights as the current user; if the user has full administrative privileges on the system, the attacker may gain complete control of the system.

In order to exploit this vulnerability, the attacker must lure a user into viewing a specially crafted webpage. The restricted Enhanced Security Configuration mode set as default on some versions of Windows Server (2003, 2008, 2008 R2, 2012 and 2012 R2) mitigates this vulnerability.

CVE Reference

  • CVE-2014-1776

Detected Exploit

  • Exploit:JS/CVE-2014-1776.A
  • Hydra database version 2014-04-29_03 at 20:50:41 UTC
Release Dates
  • 29 April 2014


Update (2 May 2014): A patch for CVE-2014-1776 has been released in a security update, as addressed in this report: Security update for Internet Explorer.

Instructions for a workaround and use of the Enhanced Mitigation Experience Toolkit (EMET) are available in the Microsoft Security Advisory 2963983.


Allow F-Secure Internet Security or F-Secure Anti-Virus to block installation of malicious files, and to remove or disinfect malicious files if found on the system.

Original Source

Microsoft Security Advisory 2963983