cbcvebase.
CVE-2014-0324
published 2014-03-12

CVE-2014-0324: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web…

PriorityP275critical9.3CVSS 2.0
AVNACMAuNCCICAC
ITWVulnCheck KEV
Exploited in the wild
EPSS
20.41%
97.2th percentile
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0308, and CVE-2014-0312.

Affected

4 ranges
VendorProductVersion rangeFixed in
microsoftinternet_explorer
microsoftinternet_explorer
microsoftinternet_explorer
microsoftinternet_explorer

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2014-0324 is a use-after-free vulnerability in Internet Explorer actively exploited in the wild; detection should focus on UAF exploitation patterns targeting MSHTML!CAnchorElement objects
  • Exploit technique involves forcing CMemoryProtector::ProtectedFree to perform a true free by inflating TotalMemorySize in st_ProtecFreeManageHeap beyond the 0x186A0 threshold via JavaScript heap spray
  • Freed UAF objects are zeroed (filled with 0x00) by ProtectedFree before actual release; memory forensics on IE heap may show zeroed CAnchorElement blocks as an indicator of exploitation attempt
  • ·The isolated heap mitigation (introduced June 2014) was applied to many but not all internal IE objects, meaning some objects including those involved in CVE-2014-0324 remained exploitable even after the isolated heap patch
  • ·The deferred free (ProtectedFree) threshold is 0x186A0 bytes (100k); an attacker can bypass this protection by forcing TotalMemorySize to exceed this threshold before triggering the UAF, so this mitigation alone is insufficient

CVSS provenance

nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.