Skip to main content

Pwn2Own 2012: IE 9 hacked with two 0day vulnerabilities

posted onMarch 9, 2012
by l33tdawg

Microsoft’s Internet Explorer 9 browser has fallen.

A team of French researchers exploited two different IE zero-day flaws to break into a fully patched Windows 7 SP1 machine and take an almost unassailable lead in this year’s CanSecWest Pwn2Own competition.

The hacking team, from French security research outfit VUPEN, used an unpatched heap overflow bug to bypass DEP and ASLR and a separate memory corruption flaw to break out of the browser’s Protected Mode sandbox. The code execution attack, which required no user action beyond browsing to a rigged web site, also works on Internet Explorer v10 (consumer preview) running on Windows 8.

Source

Tags

Microsoft IE Security Pwn2Own

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th