Emerging Threat: Microsoft Internet Explorer Zero-Day (CVE-2014-1776) Remote Code Execution Vulnerability
EXECUTIVE SUMMARY:
On April 26th 2014, Microsoft released a security advisory (2963983) for a zero-day vulnerability in Internet Explorer (CVE-2014-1776). Exploitation of the vulnerability is reportedly being used in limited, targeted attacks. The vulnerability exists in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. There is currently no patch available for this vulnerability and Microsoft did not provide a release date for a patch.
Windows users running vulnerable versions of Internet Explorer are at risk, when visiting compromised websites containing malicious code to exploit this vulnerability.