Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:4AA18219F0F43605A5B96CC5B2DF62FF
HistoryApr 17, 2014 - 12:00 a.m.

Internet Explorer CMarkup Object Handling Use-after-free Vulnerability

2014-04-1700:00:00
SAINT Corporation
www.saintcorporation.com
31

EPSS

0.972

Percentile

99.9%

JSON

Added: 04/17/2014
CVE: CVE-2014-0322
BID: 65551
OSVDB: 103354

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.

Problem

Microsoft Internet Explorer 9 and 10 contain a use-after-free vulnerability in the CMarkup component of the MSHTML library. By enticing a user to open a specially crafted web page, a remote attacker could upload and execute arbitrary code on the compromised user’s system.

This exploit in the wild uses the Internet Explorer vulnerability to corrupt Adobe Flash content in such a way as to bypass Address Space Layout Randomization (ASLR), disable Data Execution Prevention (DEP), and then execute code.

Resolution

Apply updates as specified in Microsoft Security Bulletin MS14-012.

References

<http://secunia.com/advisories/56974/&gt;
<http://www.kb.cert.org/vuls/id/732479&gt;

Limitations

The user must open the exploit page in MS IE 9 or 10.

Exploit was tested using Adobe Flash Player 12.0.0.70 and 12.0.0.77.

Platforms

Windows

Related

zdt 2
saint 3
nvd 1
seebug 9
cert 1
cvelist 1
packetstorm 2
checkpoint_advisories 2
canvas 1
prion 1
threatpost 6
msrc 1
nessus 2
thn 2
exploitpack 1
cisa_kev 1
symantec 1
cve 1
metasploit 1
attackerkb 2
fireeye 1
openvas 1
securityvulns 1
mskb 1
zdt
zdt
MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free
2014-04-16 00:00:00
Internet Explorer 10 & Adobe Flash Player (12.0.0.70, 12.0.0.77) - CMarkup Use-After-Free
2014-04-15 00:00:00
saint
saint
Internet Explorer CMarkup Object Handling Use-after-free Vulnerability
2014-04-17 00:00:00
Internet Explorer CMarkup Object Handling Use-after-free Vulnerability
2014-04-17 00:00:00
Internet Explorer CMarkup Object Handling Use-after-free Vulnerability
2014-04-17 00:00:00
nvd
nvd
CVE-2014-0322
2014-02-14 16:55:07
seebug
seebug
Microsoft Internet Explorer内存破坏漏洞(CVE-2014-0322)
2014-03-12 00:00:00
Microsoft Internet Explorer释放后重用远程代码执行漏洞
2014-02-17 00:00:00
MS14-012 Internet Explorer CMarkup Use-After-Free
2014-07-01 00:00:00
cert
cert
Internet Explorer CMarkup use-after-free vulnerability
2014-02-14 00:00:00
cvelist
cvelist
CVE-2014-0322
2014-02-14 16:00:00
packetstorm
packetstorm
MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free
2014-04-16 00:00:00
MS14-012 Internet Explorer CMarkup Use-After-Free
2014-04-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer Use-After-Free Code Execution (CVE-2014-0322)
2014-02-15 00:00:00
Infinity Exploit Kit Landing Page (CVE-2013-1347; CVE-2013-2423; CVE-2013-2465; CVE-2014-0322; CVE-2014-0502; CVE-2014-1776)
2014-06-10 00:00:00
canvas
canvas
Immunity Canvas: IE_CMARKUP
2014-02-14 16:55:00
prion
prion
Design/Logic Flaw
2014-02-14 16:55:00
threatpost
threatpost
IE Zero Day Exploits Increase Just Before Patch
2014-03-11 14:30:05
New IE Zero Day Found Targeting Military Intelligence
2014-02-14 14:27:27
Wekby APT 18 Exploiting Hacking Team Flash Zero Day
2015-07-09 14:50:54
msrc
msrc
Fix it tool available to block Internet Explorer attacks leveraging CVE-2014-0322
2014-02-19 08:00:00
nessus
nessus
MS KB2934088: Vulnerability in Internet Explorer Could Allow Remote Code Execution
2014-02-20 00:00:00
MS14-012: Cumulative Security Update for Internet Explorer (2925418)
2014-03-11 00:00:00
thn
thn
CVE-2014-0322: Internet Explorer zero-day exploit targets US Military Intelligence
2014-02-14 20:18:00
F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability
2022-05-05 02:38:00
exploitpack
exploitpack
Microsoft Internet Explorer 10 - CMarkup Use-After-Free (MS14-012)
2014-04-14 00:00:00
cisa_kev
cisa_kev
Microsoft Internet Explorer Use-After-Free Vulnerability
2022-05-04 00:00:00
symantec
symantec
Microsoft Internet Explorer CVE-2014-0322 Use-After-Free Remote Code Execution Vulnerability
2014-02-13 00:00:00
cve
cve
CVE-2014-0322
2014-02-14 16:55:07
metasploit
metasploit
MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free
2014-04-15 22:55:24
attackerkb
attackerkb
CVE-2014-0322
2014-02-14 00:00:00
Microsoft Internet Explorer Use-After-Free Vulnerability
2014-02-14 00:00:00
fireeye
fireeye
End of Life for Internet Explorer 8, 9 and 10
2016-01-12 14:49:00
openvas
openvas
Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2925418)
2014-02-18 00:00:00
securityvulns
securityvulns
Microsoft Internet Explorer multiple security vulnerabilities
2014-03-18 00:00:00
mskb
mskb
MS14-012: Cumulative security update for Internet Explorer: March 11, 2014
2014-03-11 00:00:00

EPSS

0.972

Percentile

99.9%

JSON
Related for SAINT:4AA18219F0F43605A5B96CC5B2DF62FF
zdt2saint3nvd1seebug9cert1cvelist1packetstorm2checkpoint_advisories2canvas1prion1threatpost6msrc1nessus2thn2exploitpack1cisa_kev1symantec1cve1metasploit1attackerkb2fireeye1openvas1securityvulns1mskb1