PT-2014-1076 · Microsoft · Internet Explorer
Published 2014-04-27 · Updated 2025-05-29 · CVE-2014-1776
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Microsoft Internet Explorer versions 6 through 11
Description
The issue is a use-after-free vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function. This vulnerability was exploited in the wild in April 2014. It is noted that the issue was originally associated with VGX.DLL, but Microsoft clarified that VGX.DLL does not contain the vulnerable code and that disabling VGX.DLL is an exploit-specific workaround.
Recommendations
For Microsoft Internet Explorer versions 6 through 11, consider disabling the CMarkup::IsConnectedToPrimaryMarkup function as a temporary workaround until a patch is available. Additionally, disabling VGX.DLL can provide an immediate and effective workaround to help block known attacks.
Exploit
Fix
RCE
DoS
Use After Free
Code Injection
Affected Products
Internet Explorer