⚠ Actively exploited
Added to CISA KEV on 2022-01-28. Federal agencies required to patch by 2022-07-28. Required action: Apply updates per vendor instructions..

CVE-2014-1776Use After Free in Microsoft Internet Explorer

CWE-416Use After Free38 documents13 sources
Severity
9.8CRITICALNVD
EPSS
84.0%
top 0.69%
CISA KEV
KEV
Added 2022-01-28
Due 2022-07-28
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedApr 27
KEV addedJan 28
KEV dueJul 28
Latest updateFeb 12
CISA Required Action: Apply updates per vendor instructions.

Description

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that "VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDmicrosoft/internet_explorer6 versions+5

Patches

Patch: docs.microsoft.comPatch: technet.microsoft.comPatch: docs.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-44fv-7jv8-5cpp: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of servic2022-05-14
VulnCheck
Microsoft Internet Explorer Memory Corruption Vulnerability2014

🔍Detection Rules

3
Suricata
ET EXPLOIT_KIT DRIVEBY Sednit EK IE Exploit CVE-2014-1776 M12014-10-09
Suricata
ET WEB_CLIENT Microsoft Application Crash Report Indicates Potential VGX Memory Corruption2014-04-30
Suricata
ET WEB_CLIENT Microsoft Application Crash Report Indicates Potential VGX Memory Corruption 22014-04-30

📋Vendor Advisories

1
CISA
Microsoft Internet Explorer Memory Corruption Vulnerability2022-01-28

🕵️Threat Intelligence

28
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys2022-02-23
Fortinet
The Definition and Examples of Exploit Kits | Fortinet Blog2022-01-27
Unit42
UPS: Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload2015-07-27
Unit42
UPS: Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload2015-07-27
Qualys
US-CERT: Top 30 Vulnerabilities | Qualys2015-05-01

📄Research Papers

2
arXiv
Investigation of Advanced Persistent Threats Network-based Tactics, Techniques and Procedures2025-02-12
arXiv
Casting exploit analysis as a Weird Machine reconstruction problem2021-09-27
CVE-2014-1776 — Use After Free in Microsoft | cvebase