← back
CVE-2014-0322

CVE-2014-0322

CVSS 8.8 HIGHEPSS 85.2%● KEVCWE-416
In short

Internet Explorer 9 and 10 have a bug where freed memory can be reused, allowing hackers to run malicious code through specially crafted JavaScript. This was actively exploited by attackers in early 2014.

Technical detail

Use-after-free vulnerability in IE 9/10's CMarkup implementation triggered via crafted JavaScript exploiting the onpropertychange event handler on script elements. Attack vector is remote (malicious web page), requires user to visit the site; impact is arbitrary code execution in the browser context.

Summary generated and translated by AI from the official description.
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found4
cve_referencewww.exploit-db.com/exploits/32851unverifiedcve_referencewww.exploit-db.com/exploits/32904unverifiedexploitdbwww.exploit-db.com/exploits/32904unverifiedexploitdbwww.exploit-db.com/exploits/32851unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://community.websense.com/blogs/securitylabs/archive/2014/02/13/msie-0-day-exploit-cve-2014-0322-possibly-targeting-french-aerospace-organization.aspxhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0322https://www.dropbox.com/s/pyxjgycmudirbqe/CVE-2014-0322.ziphttp://technet.microsoft.com/security/advisory/2934088http://twitter.com/nanoc0re/statuses/434251658344673281http://www.exploit-db.com/exploits/32851http://www.exploit-db.com/exploits/32904http://www.fireeye.com/blog/technical/cyber-exploits/2014/02/new-ie-zero-day-found-in-watering-hole-attack-2.htmlhttp://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.htmlhttp://www.kb.cert.org/vuls/id/732479http://www.osvdb.org/103354