CVE-2014-1796

Name of the Vulnerable Software and Affected Versions Internet Explorer versions 6, 8 through 11

Description The issue is related to a use-after-free error when accessing the CDispStructureNode object, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. This could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Recommendations For Internet Explorer version 6: update to a newer version to mitigate the risk. For Internet Explorer versions 8 through 11: update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to potentially malicious web sites to minimize the risk of exploitation.