Pwn2Own 2011: IE8 on Windows 7 hijacked with 3 vulnerabilities

[Robert Slade <rmslade () shaw ca>]

Greetings from CanSecWest.  I'm downstairs following the sessions, while the Pwn2Own is going on upstairs.

> '....Using three different vulnerabilities and clever exploitation
> techniques, Irish security researcher Stephen Fewer successfully
> hacked into a 64-bit Windows 7 (SP1) running Internet Explorer 8 to
> win this year’s CanSecWest hacker challenge.


Which is nice, but I particularly noted:

> The attack successfully bypassed DEP (data execution prevention) and
> ASLR (address space layout randomization), two key protection
> mechanisms built into the newest versions of Windows......'


Interesting ...

http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.