What is the CVSS score of CVE-2014-0322?

CVE-2014-0322 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 93.2%.

Which versions of Microsoft are affected by CVE-2014-0322?

Organizations using Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 face significant risk from CVE-2014-0322, a use-after-free vulnerability rated CVSS 8.8.. A patch is available.

Is there a public PoC exploit available for CVE-2014-0322?

Yes, a public proof-of-concept exploit is available for CVE-2014-0322. Prioritise patching immediately. EPSS: 93.2%.

How to fix or mitigate CVE-2014-0322?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. If patching is delayed, consider network segmentation to limit exposure.

Microsoft CVE-2014-0322

HIGH

Use After Free (CWE-416)

2014-02-14 secure@microsoft.com

RCE Microsoft Use After Free Memory Corruption

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 21, 2026 - 15:22 vuln.today

cvss_changed

Analysis Generated

Mar 26, 2026 - 11:18 vuln.today

Added to CISA KEV

Oct 22, 2025 - 01:15 cisa

CISA KEV

PoC Detected

Oct 22, 2025 - 01:15 vuln.today

Public exploit code

Patch released

Oct 22, 2025 - 01:15 nvd

Patch available

CVE Published

Feb 14, 2014 - 16:55 nvd

HIGH 8.8

DescriptionCVE.org

Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014.

AnalysisAI

Internet Explorer 9 and 10 contain a use-after-free vulnerability in CMarkup object handling exploitable via crafted JavaScript, used in 'Operation SnowMan' watering hole attacks targeting US military and defense in early 2014.

Technical ContextAI

The CWE-416 use-after-free is triggered through a sequence of JavaScript operations involving CMarkup objects and onpropertychange event handlers. By creating and destroying DOM elements in a specific pattern, the attacker causes a CMarkup object to be freed while still referenced, then uses heap spray to control the freed memory.

RemediationAI

Migrate to modern browsers. Apply Microsoft security update MS14-012. This was a key driver in the industry's push to deprecate legacy IE versions.

CVE-2014-0322 vulnerability details – vuln.today

Back

Microsoft CVE-2014-0322

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code