QwikSec

Security Database

CVE

CWE

Training

CVE-2014-0322

Published: Feb 14, 2014

Modified: Oct 22, 2025

PUBLISHED

Description

Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.fireeye.com/blog/technical/cyber-exploits/2014/02/new-ie-zero-day-found-in-watering-hole-attack-2.html

x_refsource_MISC

vdb-entry

x_refsource_OSVDB

exploit

x_refsource_EXPLOIT-DB

http://technet.microsoft.com/security/advisory/2934088

x_refsource_CONFIRM

vendor-advisory

x_refsource_MS

third-party-advisory

x_refsource_CERT-VN

http://twitter.com/nanoc0re/statuses/434251658344673281

x_refsource_MISC

http://community.websense.com/blogs/securitylabs/archive/2014/02/13/msie-0-day-exploit-cve-2014-0322-possibly-targeting-french-aerospace-organization.aspx

x_refsource_MISC

https://www.dropbox.com/s/pyxjgycmudirbqe/CVE-2014-0322.zip

x_refsource_MISC

http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.