CVE-2014-1776
Description
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediate, effective workaround to help block known attacks.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
81.844
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Security Update for Internet Explorer for Windows XP (KB2964358) | Windows |
| Security Update for Internet Explorer for Windows Server 2003 (KB2964358) | Windows |
| Security Update for Internet Explorer for Windows XP x64 Edition (KB2964358) | Windows |
| Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB2964358) | Windows |
| Security Update for Internet Explorer 7 for Windows XP (KB2964358) | Windows |
| Security Update for Internet Explorer 7 for Windows Server 2003 (KB2964358) | Windows |
| Security Update for Internet Explorer 7 in Windows Vista (KB2964358) | Windows |
| Security Update for Internet Explorer 7 in Windows Server 2008 (KB2964358) | Windows |
| Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB2964358) | Windows |
| Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB2964358) | Windows |
| Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB2964358) | Windows |
| Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB2964358) | Windows |
| Security Update for Internet Explorer 8 for Windows XP (KB2964358) | Windows |
| Security Update for Internet Explorer 8 for Windows Server 2003 (KB2964358) | Windows |
| Security Update for Internet Explorer 8 in Windows Vista (KB2964358) | Windows |
| Security Update for Internet Explorer 8 in Windows Server 2008 (KB2964358) | Windows |
| Security Update for Internet Explorer 8 in Windows 7 (KB2964358) | Windows |
| Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB2964358) | Windows |
| Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB2964358) | Windows |
| Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB2964358) | Windows |
| Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB2964358) | Windows |
| Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB2964358) | Windows |
| Security Update for Internet Explorer 9 in Windows Vista (KB2964358) | Windows |
| Security Update for Internet Explorer 9 in Windows Server 2008 (KB2964358) | Windows |
| Security Update for Internet Explorer 9 in Windows 7 (KB2964358) | Windows |
| Security Update for Internet Explorer 9 in Windows Vista x64 Edition (KB2964358) | Windows |
| Security Update for Internet Explorer 9 in Windows Server 2008 x64 Edition (KB2964358) | Windows |
| Security Update for Internet Explorer 9 in Windows 7 x64 Edition (KB2964358) | Windows |
| Security Update for Internet Explorer 9 in Windows Server 2008 R2 x64 Edition (KB2964358) | Windows |
| Security Update for Internet Explorer 10 for Windows 7 SP1 (KB2964358) | Windows |
| Security Update for Internet Explorer 10 for Windows 8 (KB2964358) | Windows |
| Security Update for Internet Explorer 10 for Windows 7 SP1 for x64-based systems (KB2964358) | Windows |
| Security Update for Internet Explorer 10 for Server 2008 R2 SP1 (KB2964358) | Windows |
| Security Update for Internet Explorer 10 for Windows 8 for x64-based systems (KB2964358) | Windows |
| Security Update for Internet Explorer 10 for Windows Server 2012 (KB2964358) | Windows |
| Security Update for Internet Explorer 11 for Windows 7 SP1 (KB2964358) | Windows |
| Security Update for Internet Explorer 11 for Windows 8.1 (KB2964358) | Windows |
| Security Update for Internet Explorer 11 for Windows 7 SP1 for x64-based systems (KB2964358) | Windows |
| Security Update for Internet Explorer 11 for Server 2008 R2 SP1 (KB2964358) | Windows |
| Security Update for Internet Explorer 11 for Windows 8.1 for x64-based systems (KB2964358) | Windows |
| Security Update for Internet Explorer 11 for Windows Server 2012 R2 (KB2964358) | Windows |
| Security Update for Internet Explorer 11 for Windows 7 SP1 (KB2964444) | Windows |
| Security Update for Internet Explorer 11 for Windows 7 SP1 for x64-based systems (KB2964444) | Windows |
| Security Update for Internet Explorer 11 for Server 2008 R2 SP1 (KB2964444) | Windows |
| Security Update for Internet Explorer 11 for Windows 8.1 for x64-based systems (KB2964444) | Windows |
| Security Update for Internet Explorer 11 for Windows Server 2012 R2 (KB2964444) | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-15374 | Security Update for Internet Explorer for Windows XP (KB2964358) |
| PATCH-15375 | Security Update for Internet Explorer for Windows Server 2003 (KB2964358) |
| PATCH-15376 | Security Update for Internet Explorer for Windows XP x64 Edition (KB2964358) |
| PATCH-15377 | Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB2964358) |
| PATCH-15378 | Security Update for Internet Explorer 7 for Windows XP (KB2964358) |
| PATCH-15379 | Security Update for Internet Explorer 7 for Windows Server 2003 (KB2964358) |
| PATCH-15380 | Security Update for Internet Explorer 7 in Windows Vista (KB2964358) |
| PATCH-15381 | Security Update for Internet Explorer 7 in Windows Server 2008 (KB2964358) |
| PATCH-15382 | Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB2964358) |
| PATCH-15383 | Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB2964358) |
| PATCH-15384 | Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB2964358) |
| PATCH-15385 | Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB2964358) |
| PATCH-15386 | Security Update for Internet Explorer 8 for Windows XP (KB2964358) |
| PATCH-15387 | Security Update for Internet Explorer 8 for Windows Server 2003 (KB2964358) |
| PATCH-15388 | Security Update for Internet Explorer 8 in Windows Vista (KB2964358) |
| PATCH-15389 | Security Update for Internet Explorer 8 in Windows Server 2008 (KB2964358) |
| PATCH-15390 | Security Update for Internet Explorer 8 in Windows 7 (KB2964358) |
| PATCH-15391 | Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB2964358) |
| PATCH-15393 | Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB2964358) |
| PATCH-15394 | Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB2964358) |
| PATCH-15395 | Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB2964358) |
| PATCH-15397 | Security Update for Internet Explorer 9 in Windows Vista (KB2964358) |
| PATCH-15398 | Security Update for Internet Explorer 9 in Windows Server 2008 (KB2964358) |
| PATCH-15399 | Security Update for Internet Explorer 9 in Windows 7 (KB2964358) |
| PATCH-15400 | Security Update for Internet Explorer 9 in Windows Vista x64 Edition (KB2964358) |
| PATCH-15401 | Security Update for Internet Explorer 9 in Windows Server 2008 x64 Edition (KB2964358) |
| PATCH-15402 | Security Update for Internet Explorer 9 in Windows 7 x64 Edition (KB2964358) |
| PATCH-15404 | Security Update for Internet Explorer 10 for Windows 7 SP1 (KB2964358) |
| PATCH-15405 | Security Update for Internet Explorer 10 for Windows 8 (KB2964358) |
| PATCH-15406 | Security Update for Internet Explorer 10 for Windows 7 SP1 for x64-based systems (KB2964358) |
| PATCH-15407 | Security Update for Internet Explorer 10 for Server 2008 R2 SP1 (KB2964358) |
| PATCH-15408 | Security Update for Internet Explorer 10 for Windows 8 for x64-based systems (KB2964358) |
| PATCH-15409 | Security Update for Internet Explorer 10 for Windows Server 2012 (KB2964358) |
| PATCH-15411 | Security Update for Internet Explorer 11 for Windows 8.1 (KB2964358) |
| PATCH-15412 | Security Update for Internet Explorer 11 for Windows 7 SP1 for x64-based systems (KB2964358) |
| PATCH-15413 | Security Update for Internet Explorer 11 for Server 2008 R2 SP1 (KB2964358) |
| PATCH-15414 | Security Update for Internet Explorer 11 for Windows 8.1 for x64-based systems (KB2964358) |
| PATCH-15415 | Security Update for Internet Explorer 11 for Windows Server 2012 R2 (KB2964358) |
| PATCH-15418 | Security Update for Internet Explorer 11 for Windows 7 SP1 for x64-based systems (KB2964444) |
| PATCH-15419 | Security Update for Internet Explorer 11 for Server 2008 R2 SP1 (KB2964444) |
| PATCH-15420 | Security Update for Internet Explorer 11 for Windows 8.1 for x64-based systems (KB2964444) |
| PATCH-15421 | Security Update for Internet Explorer 11 for Windows Server 2012 R2 (KB2964444) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234