[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-0322Date: (C)2014-02-14   (M)2023-12-22


Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
OSVDB-103354
EXPLOIT-DB-32851
EXPLOIT-DB-32904
MS14-012
VU#732479
http://community.websense.com/blogs/securitylabs/archive/2014/02/13/msie-0-day-exploit-cve-2014-0322-possibly-targeting-french-aerospace-organization.aspx
http://technet.microsoft.com/security/advisory/2934088
http://twitter.com/nanoc0re/statuses/434251658344673281
http://www.fireeye.com/blog/technical/cyber-exploits/2014/02/new-ie-zero-day-found-in-watering-hole-attack-2.html
http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html
https://www.dropbox.com/s/pyxjgycmudirbqe/CVE-2014-0322.zip

CPE    2
cpe:/a:microsoft:internet_explorer:9
cpe:/a:microsoft:internet_explorer:10
CWE    1
CWE-416
OVAL    2
oval:org.secpod.oval:def:17002
oval:org.secpod.oval:def:17000

© SecPod Technologies