Product Coverage and Mitigation for CVE-2014-1776 (Microsoft Internet Explorer)

On April 26, Microsoft released Security Advisory 2963983 for Microsoft Internet Explorer. In-the-wild exploitation of this vulnerability has been observed across limited, targeted attacks. The flaw is specific to a use-after-free vulnerability in VGX.DLL (memory corruption). Successful exploitation can give an attacker the ability to run arbitrary code (via remote code execution). The flaw affects the following:

  • Microsoft Internet Explorer 6
  • Microsoft Internet Explorer 7
  • Microsoft Internet Explorer 8
  • Microsoft Internet Explorer 9
  • Microsoft Internet Explorer 10
  • Microsoft Internet Explorer 11


Current McAfee Product Coverage and Mitigation

  • McAfee Vulnerability Manager:  The FSL/MVM package of April 28 includes a vulnerability check to assess if your systems are at risk.
  • McAfee VirusScan (AV):  The 7423 DATs (release date April 29, 2014) provide coverage for perimeter/gateway products and the command-line scanner-based technologies.  Full detection capabilities, across all products, will be released in the 7428 DAT update (release date May 4, 2014).
  • McAfee Web Gateway (AV): The 7423 DATs (release date April 29, 2014) provide coverage.
  • McAfee Network Security Platform (NIPS): The UDS Release of April 28 contains detection.
    • Attack ID: 0x4512e700
    • Name: “UDS-HTTP: Microsoft Internet Explorer CMarkup Object Use-After-Free vulnerability”
  • McAfee Host Intrusion Prevention (HIPS):  Generic buffer overflow protection is expected to cover code execution exploits.
  • McAfee Next Generation Firewall (NGFW): Update package 579-5211 (released April 29, 2014) provides detection.
  • McAfee Application Control: McAfee Application Control provides coverage via the MP-CASP feature. Whitelisting will also prevent post exploitation behavior (ex: execution of dropped executables or the loading of dropped dlls.)



3 comments on “Product Coverage and Mitigation for CVE-2014-1776 (Microsoft Internet Explorer)

  • I wold like to know this McAfee release also secure firefox browser. because firefox browser close automatic after some time . message come on the screen . window find the problem online

  • Hello

    Clarified coverage statements are above in the original blog text. For reference, the detection name in the DATs is "Exploit-CVE2014-1776".


    Jim Walter

  • Benoit Malenfant says:

    Your post on this blog states:

    McAfee VirusScan (AV): The 7423 DATs (release date April 29, 2014) detect known-exploits as “Exploit-CVE2014-1776″

    Yet, word I'm getting from my SAM is: "There will be (should be) detection in 7423 DAT file , but it would be restricted to Stinger and CLS, which has limited manual use. For VSE, it will come as I stated in my email."

    The "as I stated in my email" is:

    New Coverage Information
    • DATs – Exploit-CVE2014-1776 in the 7428 DATS, to be released May 04, 2014.

    So, question is: are your clients protected by DAT 7423 in VSE?


Leave a Comment

1 × 1 =