Although not incredibly big news, it looks like Microsoft's Internet Explorer 9 fell to exploits on Thursday during the Pwn2Own competition. Once again it was Vupen that managed the exploit. Interestingly, as with Chrome, it took two separate attacks to get past the security in place for IE 9: one targets a flaw that has been present in every version of Internet Explorer since IE6, and the other is an undisclosed zero-day used to get past the protected mode available in IE.
The first of the zero-day exploits used is nothing new; it is a heap overflow (this is the one that is a core IE fault) that lets the malicious code leak memory contents. With that memory leak an attacker can bypass address space layout randomization (ASLR) and compromise the OS. ASLR and DEP (Data Execution Prevention) are two of the main ways Windows 7 protects itself from malicious code, while protected mode confines code executed in the browser to a contained memory and execution space.
The exploit Vupen used to get past this is the one they will not disclose to anyone but their paying customers. The heap overflow they discovered in IE, on the other hand, will be passed on to HP TippingPoint's Zero Day Initiative. This means Microsoft could have access to both exploits: one as a freely distributed item, the other purchased from Vupen.
It is this last item (the lack of a requirement to pass on sandbox/protected-mode breakouts) that caused Google to pull its sponsorship from this year's competition. Instead it put on its own competition, called Pwnium, which has yielded two exploits for Chrome (which Google claims are fixed). Vupen (the people who also cracked open IE 9) also found two exploits for Google's Chrome. We are betting that Google has already passed on a big check for the sandbox breakout that Vupen used, but as of this writing Google has not made any public statements on it.
Published in News
Latest from Sean Kalinich