Friday, 09 March 2012 16:14

Internet Explorer 9 Also falls during Pwn2Own

Written by

Reading time is around minutes.

untitledAlthough not incredibly big news it looks like Microsoft’s Internet Explorer 9 has fallen to exploits on Thursday during the Pwn2Own competition. Once again it was Vupen that managed the exploit. Interestingly enough as with Chrome it took two separate attacks to get past the security in place for IE 9. One is something that has been present in every version of Internet Explorer since IE6 and the other is a non-disclosed 0-day exploit to get past the protected mode available in IE.

The first of the Zero-Day Exploits used is nothing new; it is a heap overflow (this is the one that is a core IE fault) that allows the malicious code to create a memory leak. With a memory leak you can bypass address space layout randomization and compromise the OS. ASLR and DEP (Data Execution Prevention) are two of the main ways that Windows 7 protects itself from malicious code, while the protected mode puts code executed in the browser into a contained memory and execution space.

The exploit used by Vupen to get past this is the one that they are not going to disclose to anyone but their paying customers. On the other hand the Heap Overflow they discovered in IE will be passed onto HP TippingPoint’s Zero Day Initiative. This means that Microsoft could have access to both exploits, one as a freely distributed item and the other they would pay for from Vupen.

It is this last item (the lack of a requirement to pass on sandbox/protected mode break outs) that caused Google to pull its sponsorship from this year’s competition. Instead they put on their own competition called Pwnium which has yielded two exploits for Chrome (which they claim are fixed). Vupen (the people that also cracked open IE 9) also found two exploits for Google’s Chrome. We are betting that Google has already passed on a big check for the sandbox breakout that Vupen used, but as of this writing Google has not made any public statements on it.

Discuss this in our Forum

Read 2323 times Last modified on Friday, 09 March 2012 16:21

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.