CVE-2014-0322
critical-risk
Published 2014-02-14
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014.
Do I need to act?
!
93.2% chance of exploitation in next 30 days
EPSS score — higher than 7% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (2)
Affected Vendors
References (23)
Press/Media Coverage
http://twitter.com/nanoc0re/statuses/434251658344673281
Third Party Advisory
http://www.kb.cert.org/vuls/id/732479
Broken Link
http://www.osvdb.org/103354
Press/Media Coverage
http://twitter.com/nanoc0re/statuses/434251658344673281
Third Party Advisory
http://www.kb.cert.org/vuls/id/732479
Broken Link
http://www.osvdb.org/103354
and 3 more references
71
/ 100
critical-risk
Severity
30/34 · Critical
Exploitability
34/34 · Critical
Exposure
7/34 · Low