0-Day Fixes

Internet Explorer vulnerability could allow remote code execution

Report ID: MAPP-CVE20140322
Date Published: 24 February 2014
Date Revised:  
Criticality: Low
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Internet Explorer 10
Internet Explorer 9


A use-after-free vulnerability in Internet Explorer 9 and 10 could, if successfully exploited, lead to remote code execution.

Detailed Description

A use-after-free vulnerability in the way Internet Explorer 9 and 10 accesses a deleted or improperly allocated object in memory could be exploited by remote attackers using specially crafted JavaScript code. If successfully exploited, attackers could perform remote code execution in the context of the user in Internet Explorer.

As of time of writing, Microsoft is aware of limited, targeted attacks against this vulnerability in-the-wild. Only versions 9 and 10 of Internet Explorer are affected; no other supported versions are affected.

A "MSHTML Shim Workaround" Fix It solution is available to prevent exploitation of the vulnerability until a security update is released containing the necessary patch. The workaround is available at Microsoft Support KB 2934088.

F-Secure detects the files taking advantage of this vulnerability with these detections:

  • Exploit.SWF.CVE-2014-0322.A - in database update 2014-02-15_02 released on 15th February 2014 at 1840hrs UTC
  • Exploit.CVE-2014-0322.A -  in database update 2014-02-15_02 released on 15th February 2014 at 1840hrs UTC
  • JS:Exploit.CVE-2014-0322.B -  in database update 2014-02-15_03 released on 16th February 2014 at 0001hrs UTC
  • Script.SWF.Cxx - A generic detection released in 2012 and updated in the 2014-02-18_03 database update released on 18th February 2014 at 0515hrs UTC to include detection for a known Shockwave attack file.

CVE Reference

  • CVE-2014-0322

Detected Exploit

  • Exploit.SWF.CVE-2014-0322.A
  • Exploit.CVE-2014-0322.A
  • JS:Exploit.CVE-2014-0322.B
  • Script.SWF.Cxx
  • 2014-02-15_02
  • 2014-02-15_03
  • 2014-02-18_03
Release Dates
  • 15 February 2014
  • 16 February 2014
  • 18 February 2014


Microsoft recommends applying the "MSHTML Shim Workaround" Fix It solution and/or deploying the Enhanced Mitigation Experience Toolkit (EMET). Complete instructions are available at Microsoft Security Advisory 2934088.

Original Source

Microsoft Security Advisory 2934088