CVE-2014-0324
published 2014-03-12CVE-2014-0324: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web…
PriorityP275critical9.3CVSS 2.0
AVNACMAuNCCICAC
ITWVulnCheck KEV
Exploited in the wild
EPSS
20.41%
97.2th percentile
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0308, and CVE-2014-0312.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2014-0324 is a use-after-free vulnerability in Internet Explorer actively exploited in the wild; detection should focus on UAF exploitation patterns targeting MSHTML!CAnchorElement objects ↗
- →Exploit technique involves forcing CMemoryProtector::ProtectedFree to perform a true free by inflating TotalMemorySize in st_ProtecFreeManageHeap beyond the 0x186A0 threshold via JavaScript heap spray ↗
- →Freed UAF objects are zeroed (filled with 0x00) by ProtectedFree before actual release; memory forensics on IE heap may show zeroed CAnchorElement blocks as an indicator of exploitation attempt ↗
- ·The isolated heap mitigation (introduced June 2014) was applied to many but not all internal IE objects, meaning some objects including those involved in CVE-2014-0324 remained exploitable even after the isolated heap patch ↗
- ·The deferred free (ProtectedFree) threshold is 0x186A0 bytes (100k); an attacker can bypass this protection by forcing TotalMemorySize to exceed this threshold before triggering the UAF, so this mitigation alone is insufficient ↗
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Microsoft Internet Explorer 8/9/10/11 memory corruption (MS14-012 / EDB-32851)
vuldb·2026-05-07·CVSS 9.3
CVE-2014-0324 [CRITICAL] Microsoft Internet Explorer 8/9/10/11 memory corruption (MS14-012 / EDB-32851)
A vulnerability was found in Microsoft Internet Explorer 8/9/10/11. It has been declared as critical. Affected is an unknown function. Executing a manipulation can lead to memory corruption.
The identification of this vulnerability is CVE-2014-0324. The attack may be launched remotely. Furthermore, there is an exploit available.
It is advisable to implement a patch to correct this issue.
GHSA
GHSA-wh27-j22v-qpxj: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2014-0312 [CRITICAL] CWE-119 GHSA-wh27-j22v-qpxj: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0308, and CVE-2014-0324.
GHSA
GHSA-cm8h-rhxh-h795: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2014-0324 [CRITICAL] CWE-119 GHSA-cm8h-rhxh-h795: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0308, and CVE-2014-0312.
GHSA
GHSA-4fp7-cq73-829r: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2014-0297 [CRITICAL] CWE-119 GHSA-4fp7-cq73-829r: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0308, CVE-2014-0312, and CVE-2014-0324.
GHSA
GHSA-xqxm-4hh8-rxv8: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2014-0308 [CRITICAL] CWE-119 GHSA-xqxm-4hh8-rxv8: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0312, and CVE-2014-0324.
VulnCheck
Microsoft Internet Explorer Improper Restriction of Operations within the Bounds of a Memory Buffer
vulncheck·2014·CVSS 9.3
CVE-2014-0324 [CRITICAL] Microsoft Internet Explorer Improper Restriction of Operations within the Bounds of a Memory Buffer
Microsoft Internet Explorer Improper Restriction of Operations within the Bounds of a Memory Buffer
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0308, and CVE-2014-0312.
Affected: Microsoft Internet Explorer
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-012; https://www.scribd.com/document/516749423/inzimam-2019-ijca-919742
No detection rules found.
No public exploits indexed.
Unit42
Is It the Beginning of the End For Use-After-Free Exploitation?
blogs_unit42·2014-07-17·CVSS 8.8
CVE-2014-1815 [HIGH] Is It the Beginning of the End For Use-After-Free Exploitation?
Use-after-free bugs have affected Internet Explorer for years. In the past year alone, Microsoft patched 122 IE vulnerabilities, the majority of which were use-after-free bugs. This year Microsoft has already patched 126 IE vulnerabilities to date. Of those vulnerabilities, 4 were actively being exploited in the wild. These 4 exploits (CVE-2014-1815, CVE-2014-1776, CVE-2014-0322, CVE-2014-0324) were all based on use-after-free bugs.
To deal with the increasing number of use-after-free bugs and associated exploits, Microsoft introduced a series of new control mechanisms in the most recent Internet Explorer patches. In June, Microsoft introduced a new isolated heap mechanism to solve the usage issue of use-after-free exploitation. They followed that up In July by implementing a deferred fre
Unit42
Is It the Beginning of the End For Use-After-Free Exploitation?
blogs_unit42·2014-07-17·CVSS 8.8
[HIGH] Is It the Beginning of the End For Use-After-Free Exploitation?
## Is It the Beginning of the End For Use-After-Free Exploitation?
Tao Yan
Bo Qu
Royce Lu
Published: July 16, 2014
Malware
Threat Research
Deferred free
Internet Explorer
Isolated heap
Microsoft
Use after free
Use-after-free bugs have affected Internet Explorer for years. In the past year alone, Microsoft patched 122 IE vulnerabilities, the majority of which were use-after-free bugs. This year Microsoft has already patched 126 IE vulnerabilities to date. Of those vulnerabilities, 4 were actively being exploited in the wild. These 4 exploits (CVE-2014-1815, CVE-2014-1776, CVE-2014-0322, CVE-2014-0324) were all based on use-after-free bugs.
To deal with the increasing number of use-after-free bugs and associated exploits, Microsoft introduced a series of new control mechanisms
Talos
Micorosft Update Tuesday: March 2014, all about IE (including two 0-day fixes)
blogs_talos·2014-03-11·CVSS 9.3
CVE-2014-0322 [CRITICAL] Micorosft Update Tuesday: March 2014, all about IE (including two 0-day fixes)
It's Microsoft Update Tuesday. While this month is relatively minor, a total of 5 bulletins, it is pretty large for the requisite Internet Explorer bulletin. There’s a total of 23 CVEs covered by the bulletins, 18 of which are found in IE.
There’s 2 critical and 3 important bulletins this month:
MS14-012 is the first critical bulletin and is the IE bulletin. Most of the vulnerabilities are, as usual, the result of "use-after-free" vulnerabilities. One of the vulnerabilities, CVE-2014-0322, was known publicly before the update and saw targeted attacks since February 14th. The temporary workaround in security advisory 2934088 that has been available from Microsoft since February 19th is now being replaced by a more formal fix. The vulnerability was being exploited in a watering hole attack
Talos
Micorosft Update Tuesday: March 2014, all about IE (including two 0-day fixes)
blogs_talos·2014-03-11·CVSS 9.3
[CRITICAL] Micorosft Update Tuesday: March 2014, all about IE (including two 0-day fixes)
## Micorosft Update Tuesday: March 2014, all about IE (including two 0-day fixes)
It's Microsoft Update Tuesday. While this month is relatively minor, a total of 5 bulletins, it is pretty large for the requisite Internet Explorer bulletin. There’s a total of 23 CVEs covered by the bulletins, 18 of which are found in IE.
There’s 2 critical and 3 important bulletins this month:
MS14-012 is the first critical bulletin and is the IE bulletin. Most of the vulnerabilities are, as usual, the result of "use-after-free" vulnerabilities. One of the vulnerabilities, CVE-2014-0322 , was known publicly before the update and saw targeted attacks since February 14 th . The temporary workaround in security advisory 2934088 that has been available from Microsoft since February 19 th is now being replace
Zscaler
Zscaler Protects against IE Memory Corruption Vulnerability
blogs_zscaler·CVSS 9.3
[CRITICAL] Zscaler Protects against IE Memory Corruption Vulnerability
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
2014-03-12
Published
Exploited in the wild