Product Coverage and Mitigation for CVE-2014-1776 (Microsoft Internet Explorer)

By on Apr 28, 2014

On April 26, Microsoft released Security Advisory 2963983 for Microsoft Internet Explorer. In-the-wild exploitation of this vulnerability has been observed across limited, targeted attacks. The flaw is specific to a use-after-free vulnerability in VGX.DLL (memory corruption). Successful exploitation can give an attacker the ability to run arbitrary code (via remote code execution). The flaw affects the following:

  • Microsoft Internet Explorer 6
  • Microsoft Internet Explorer 7
  • Microsoft Internet Explorer 8
  • Microsoft Internet Explorer 9
  • Microsoft Internet Explorer 10
  • Microsoft Internet Explorer 11


Current McAfee Product Coverage and Mitigation

  • McAfee Vulnerability Manager:  The FSL/MVM package of April 28 includes a vulnerability check to assess if your systems are at risk.
  • McAfee VirusScan (AV):  The 7423 DATs (release date April 29, 2014) provide coverage for perimeter/gateway products and the command-line scanner-based technologies.  Full detection capabilities, across all products, will be released in the 7428 DAT update (release date May 4, 2014).
  • McAfee Web Gateway (AV): The 7423 DATs (release date April 29, 2014) provide coverage.
  • McAfee Network Security Platform (NIPS): The UDS Release of April 28 contains detection.
    • Attack ID: 0x4512e700
    • Name: “UDS-HTTP: Microsoft Internet Explorer CMarkup Object Use-After-Free vulnerability”
  • McAfee Host Intrusion Prevention (HIPS):  Generic buffer overflow protection is expected to cover code execution exploits.
  • McAfee Next Generation Firewall (NGFW): Update package 579-5211 (released April 29, 2014) provides detection.
  • McAfee Application Control: McAfee Application Control provides coverage via the MP-CASP feature. Whitelisting will also prevent post exploitation behavior (ex: execution of dropped executables or the loading of dropped dlls.)



About the Author

McAfee Labs

McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog for more information.

Read more posts from McAfee Labs

  1. I wold like to know this McAfee release also secure firefox browser. because firefox browser close automatic after some time . message come on the screen . window find the problem online

  2. Hello

    Clarified coverage statements are above in the original blog text. For reference, the detection name in the DATs is "Exploit-CVE2014-1776".


    Jim Walter

  3. Your post on this blog states:

    McAfee VirusScan (AV): The 7423 DATs (release date April 29, 2014) detect known-exploits as “Exploit-CVE2014-1776″

    Yet, word I'm getting from my SAM is: "There will be (should be) detection in 7423 DAT file , but it would be restricted to Stinger and CLS, which has limited manual use. For VSE, it will come as I stated in my email."

    The "as I stated in my email" is:

    New Coverage Information
    • DATs – Exploit-CVE2014-1776 in the 7428 DATS, to be released May 04, 2014.

    So, question is: are your clients protected by DAT 7423 in VSE?

Similar Blogs

Subscribe to McAfee Securing Tomorrow Blogs