Internet Explorer vulnerability could allow remote code execution
Report ID: MAPP-CVE20140322
Date Published: 24 February 2014
Compromise Type: remote-code-execution
Compromise From: remote
Internet Explorer 10
Internet Explorer 9
A use-after-free vulnerability in Internet Explorer 9 and 10 could, if successfully exploited, lead to remote code execution.
As of time of writing, Microsoft is aware of limited, targeted attacks against this vulnerability in-the-wild. Only versions 9 and 10 of Internet Explorer are affected; no other supported versions are affected.
A "MSHTML Shim Workaround" Fix It solution is available to prevent exploitation of the vulnerability until a security update is released containing the necessary patch. The workaround is available at Microsoft Support KB 2934088.
F-Secure detects the files taking advantage of this vulnerability with these detections:
- Exploit.SWF.CVE-2014-0322.A - in database update 2014-02-15_02 released on 15th February 2014 at 1840hrs UTC
- Exploit.CVE-2014-0322.A - in database update 2014-02-15_02 released on 15th February 2014 at 1840hrs UTC
- JS:Exploit.CVE-2014-0322.B - in database update 2014-02-15_03 released on 16th February 2014 at 0001hrs UTC
- Script.SWF.Cxx - A generic detection released in 2012 and updated in the 2014-02-18_03 database update released on 18th February 2014 at 0515hrs UTC to include detection for a known Shockwave attack file.
15 February 2014
16 February 2014
18 February 2014
Microsoft recommends applying the "MSHTML Shim Workaround" Fix It solution and/or deploying the Enhanced Mitigation Experience Toolkit (EMET). Complete instructions are available at Microsoft Security Advisory 2934088.