Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Internet Explorer vulnerability could allow remote code execution


Report ID: MAPP-CVE20140322
Date Published: 24 February 2014
Date Revised:

Criticality: Low
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Internet Explorer 10
Internet Explorer 9




Summary

A use-after-free vulnerability in Internet Explorer 9 and 10 could, if successfully exploited, lead to remote code execution.



Detailed Description

A use-after-free vulnerability in the way Internet Explorer 9 and 10 accesses a deleted or improperly allocated object in memory could be exploited by remote attackers using specially crafted JavaScript code. If successfully exploited, attackers could perform remote code execution in the context of the user in Internet Explorer.

As of time of writing, Microsoft is aware of limited, targeted attacks against this vulnerability in-the-wild. Only versions 9 and 10 of Internet Explorer are affected; no other supported versions are affected.

A "MSHTML Shim Workaround" Fix It solution is available to prevent exploitation of the vulnerability until a security update is released containing the necessary patch. The workaround is available at Microsoft Support KB 2934088.

F-Secure detects the files taking advantage of this vulnerability with these detections:

  • Exploit.SWF.CVE-2014-0322.A - in database update 2014-02-15_02 released on 15th February 2014 at 1840hrs UTC
  • Exploit.CVE-2014-0322.A -  in database update 2014-02-15_02 released on 15th February 2014 at 1840hrs UTC
  • JS:Exploit.CVE-2014-0322.B -  in database update 2014-02-15_03 released on 16th February 2014 at 0001hrs UTC
  • Script.SWF.Cxx - A generic detection released in 2012 and updated in the 2014-02-18_03 database update released on 18th February 2014 at 0515hrs UTC to include detection for a known Shockwave attack file.

 



CVE Reference

CVE-2014-0322



Detected Exploit

Detections
Exploit.SWF.CVE-2014-0322.A
Exploit.CVE-2014-0322.A
JS:Exploit.CVE-2014-0322.B
Script.SWF.Cxx

Databases
2014-02-15_02 
2014-02-15_03
2014-02-18_03

Release dates
15 February 2014
16 February 2014
18 February 2014



Solution

Microsoft recommends applying the "MSHTML Shim Workaround" Fix It solution and/or deploying the Enhanced Mitigation Experience Toolkit (EMET). Complete instructions are available at Microsoft Security Advisory 2934088.



Additional Info

-



Online Scanner

 Scan and clean your PC

 

Submit a sample

Wondering if a file or URL is malicious?

Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)