Microsoft security software detects and removes this threat.

This threat uses a vulnerability in Internet Explorer 6 through to Internet Explorer 11 to download and run files on your PC, including other malware.

The vulnerability is addressed in Microsoft Security Bulletin MS14-021. It is also described in detail in Microsoft Security Advisory 2963983.

It runs when you visit a hacked or malicious website and you have a vulnerable version of Internet Explorer.

Find out ways that malware can get on your PC.  

What to do now


The following free Microsoft software detects and removes this threat:

Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.

Apply updates to Internet Explorer

Updates for this vulnerability should be automatically downloaded and installed on your PC. If you have disabled automatic updates or want to manually update, see the following:

Get more help

You should make sure the software on your PC is up to date:

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

See the following for more information on this vulnerability:

Threat behavior

Threat in context

This exploit targets Internet Explorer 6 through to Internet Explorer 11.

It is described in further detail in Microsoft Security Advisory 2963983.

What is an exploit?

Exploits are written to take advantage of weaknesses (or vulnerabilities) in legitimate software. A project called Common Vulnerabilities and Exposures (CVE) gives each vulnerability a unique number, in this case "CVE-2014-1776". 

You can find more information on the CVE website or on our page about exploits.


Downloads malware

This exploit can be encountered when you visit a malicious or hacked website that then attempts to download malware onto your PC.

Analysis by Karthik Selvaraj


Alerts from your security software may be the only symptom.


Alert level: Severe
First detected by definition: 1.173.690.0
Latest detected by definition: 1.173.831.0 and higher
First detected on: Apr 27, 2014
This entry was first published on: Apr 29, 2014
This entry was updated on: May 02, 2014

This threat is also detected as:
No known aliases