CVE-2014-0322

ENISA EUVD: EUVD-2014-0360 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 20, 2026 2 articles Published: 2014-02-14

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

92.97%

probability

This CVE has a 92.97% probability of being exploited in the next 30 days.

0% Top 99.8th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

8.8

HIGH

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2 (legacy)

9.3

HIGH

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Description

VulnerabilityLookup (CNA)

Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014.

Affected Products

n/a

microsoft

internet explorer

n/a

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-416 · Use After Free CWE-664 · Improper Control of a Resource Through its Lifetime CWE-666 · Operation on Resource in Wrong Phase of Lifetime CWE-672 · Operation on a Resource after Expiration or Release CWE-825 · Expired Pointer Dereference

Exploits & PoC

http://www.fireeye.com/blog/technical/cyber-exploits/2014/02/new-ie-zero-day-found-in-watering-hole-attack-2.html

x_refsource_MISC

http://www.osvdb.org/103354

vdb-entry x_refsource_OSVDB

http://www.exploit-db.com/exploits/32851

exploit x_refsource_EXPLOIT-DB

http://technet.microsoft.com/security/advisory/2934088

x_refsource_CONFIRM

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012

vendor-advisory x_refsource_MS

http://www.kb.cert.org/vuls/id/732479

third-party-advisory x_refsource_CERT-VN

Signal Intelligence

Confidenceⓘ

85%

EPSS 92.97%

CVSS v3.1 8.8

Mentions 2

Last Seen May 01, 2015

CNA Information

CNA Assigner

microsoft

Analyst Note

CVE-2014-0322 is explicitly named as a zero-day in active exploitation against US military targets in Operation Snowman, discovered by FireEye. The article clearly states hackers were using this zero-day vulnerability in Internet Explorer before a patch was available, meeting the core zero-day criteria of in-the-wild exploitation preceding patch availability.

Threat Actors 3

Kinsing

apt_group 🇷🇺 RU

TeamTNT

apt_group 🇩🇪 DE

Bitwise Spider

apt_group Financial gain 🇷🇺 RU

Triage Info

Decided atMar 20, 2026

Published DateFeb 14, 2014