Establishing Digital Trust: Don't Sacrifice Security for Convenience
VUPEN security researchers used two zero day vulnerabilities to hack Internet Explorer 9 during the second day of the Pwn2Own contest at the CanSecWest security conference.
"The attack was demonstrated on a fully patched 64-bit Windows 7 with Service Pack 1 system and earned the VUPEN team 32 points in the annual Pwn2Own competition sponsored by TippingPoint's Zero Day Initiative (ZDI) program," writes ITworld's Lucian Constantin.
"VUPEN's Internet Explorer 9 exploit leveraged two vulnerabilities -- a remote code execution (RCE) that bypassed the browser's anti-exploitation mechanisms like DEP (Data Execution Prevention) or ASLR (address space layout randomization) and one that bypassed its post-exploitation defense, commonly known as the sandbox, or Protected Mode in Internet Explorer's case," Constantin writes.
Go to "Researchers hack IE9 during second day at Pwn2Own" to read the details.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.