Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:C5151F8B61804C60EC822679D32F32AF
HistoryApr 17, 2014 - 12:00 a.m.

Internet Explorer CMarkup Object Handling Use-after-free Vulnerability

2014-04-1700:00:00
SAINT Corporation
download.saintcorporation.com
15

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

Added: 04/17/2014
CVE: CVE-2014-0322
BID: 65551
OSVDB: 103354

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.

Problem

Microsoft Internet Explorer 9 and 10 contain a use-after-free vulnerability in the CMarkup component of the MSHTML library. By enticing a user to open a specially crafted web page, a remote attacker could upload and execute arbitrary code on the compromised user’s system.

This exploit in the wild uses the Internet Explorer vulnerability to corrupt Adobe Flash content in such a way as to bypass Address Space Layout Randomization (ASLR), disable Data Execution Prevention (DEP), and then execute code.

Resolution

Apply updates as specified in Microsoft Security Bulletin MS14-012.

References

<http://secunia.com/advisories/56974/&gt;
<http://www.kb.cert.org/vuls/id/732479&gt;

Limitations

The user must open the exploit page in MS IE 9 or 10.

Exploit was tested using Adobe Flash Player 12.0.0.70 and 12.0.0.77.

Platforms

Windows

Related

saint 3
packetstorm 2
seebug 9
zdt 2
cert 1
nessus 2
thn 2
checkpoint_advisories 2
threatpost 6
prion 1
msrc 1
canvas 1
attackerkb 2
symantec 1
exploitpack 1
metasploit 1
cisa_kev 1
cve 1
exploitdb 2
fireeye 1
securityvulns 1
openvas 1
mskb 1
saint
saint
Internet Explorer CMarkup Object Handling Use-after-free Vulnerability
2014-04-17 00:00:00
Internet Explorer CMarkup Object Handling Use-after-free Vulnerability
2014-04-17 00:00:00
Internet Explorer CMarkup Object Handling Use-after-free Vulnerability
2014-04-17 00:00:00
packetstorm
packetstorm
MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free
2014-04-16 00:00:00
MS14-012 Internet Explorer CMarkup Use-After-Free
2014-04-14 00:00:00
seebug
seebug
Microsoft Internet Explorer释放后重用远程代码执行漏洞
2014-02-17 00:00:00
Microsoft Internet Explorer内存破坏漏洞(CVE-2014-0322)
2014-03-12 00:00:00
MS14-012 Internet Explorer CMarkup Use-After-Free
2014-07-01 00:00:00
zdt
zdt
MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free
2014-04-16 00:00:00
Internet Explorer 10 & Adobe Flash Player (12.0.0.70, 12.0.0.77) - CMarkup Use-After-Free
2014-04-15 00:00:00
cert
cert
Internet Explorer CMarkup use-after-free vulnerability
2014-02-14 00:00:00
nessus
nessus
MS KB2934088: Vulnerability in Internet Explorer Could Allow Remote Code Execution
2014-02-20 00:00:00
MS14-012: Cumulative Security Update for Internet Explorer (2925418)
2014-03-11 00:00:00
thn
thn
CVE-2014-0322: Internet Explorer zero-day exploit targets US Military Intelligence
2014-02-14 20:18:00
F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability
2022-05-05 02:38:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer Use-After-Free Code Execution (CVE-2014-0322)
2014-02-15 00:00:00
Infinity Exploit Kit Landing Page (CVE-2013-1347; CVE-2013-2423; CVE-2013-2465; CVE-2014-0322; CVE-2014-0502; CVE-2014-1776)
2014-06-10 00:00:00
threatpost
threatpost
IE Zero Day Exploits Increase Just Before Patch
2014-03-11 14:30:05
New IE Zero Day Found Targeting Military Intelligence
2014-02-14 14:27:27
Wekby APT 18 Exploiting Hacking Team Flash Zero Day
2015-07-09 14:50:54
prion
prion
Design/Logic Flaw
2014-02-14 16:55:00
msrc
msrc
Fix it tool available to block Internet Explorer attacks leveraging CVE-2014-0322
2014-02-19 08:00:00
canvas
canvas
Immunity Canvas: IE_CMARKUP
2014-02-14 16:55:00
attackerkb
attackerkb
CVE-2014-0322
2014-02-14 00:00:00
Microsoft Internet Explorer Use-After-Free Vulnerability
2014-02-14 00:00:00
symantec
symantec
Microsoft Internet Explorer CVE-2014-0322 Use-After-Free Remote Code Execution Vulnerability
2014-02-13 00:00:00
exploitpack
exploitpack
Microsoft Internet Explorer 10 - CMarkup Use-After-Free (MS14-012)
2014-04-14 00:00:00
metasploit
metasploit
MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free
2014-04-15 22:55:24
cisa_kev
cisa_kev
Microsoft Internet Explorer Use-After-Free Vulnerability
2022-05-04 00:00:00
cve
cve
CVE-2014-0322
2014-02-14 16:55:00
exploitdb
exploitdb
Microsoft Internet Explorer 10 - CMarkup Use-After-Free (MS14-012)
2014-04-14 00:00:00
Microsoft Internet Explorer - CMarkup Use-After-Free (MS14-012) (Metasploit)
2014-04-16 00:00:00
fireeye
fireeye
End of Life for Internet Explorer 8, 9 and 10
2016-01-12 14:49:00
securityvulns
securityvulns
Microsoft Internet Explorer multiple security vulnerabilities
2014-03-18 00:00:00
openvas
openvas
Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2925418)
2014-02-18 00:00:00
mskb
mskb
MS14-012: Cumulative security update for Internet Explorer: March 11, 2014
2014-03-11 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON
Related for SAINT:C5151F8B61804C60EC822679D32F32AF
saint3packetstorm2seebug9zdt2cert1nessus2thn2checkpoint_advisories2threatpost6prion1msrc1canvas1attackerkb2symantec1exploitpack1metasploit1cisa_kev1cve1exploitdb2fireeye1securityvulns1openvas1mskb1