VUPEN security researchers used two zero day vulnerabilities to hack Internet Explorer 9 during the second day of the Pwn2Own contest at the CanSecWest security conference.
“The attack was demonstrated on a fully patched 64-bit Windows 7 with Service Pack 1 system and earned the VUPEN team 32 points in the annual Pwn2Own competition sponsored by TippingPoint’s Zero Day Initiative (ZDI) program,” writes ITworld’s Lucian Constantin.
“VUPEN’s Internet Explorer 9 exploit leveraged two vulnerabilities — a remote code execution (RCE) that bypassed the browser’s anti-exploitation mechanisms like DEP (Data Execution Prevention) or ASLR (address space layout randomization) and one that bypassed its post-exploitation defense, commonly known as the sandbox, or Protected Mode in Internet Explorer’s case,” Constantin writes.
Go to “Researchers hack IE9 during second day at Pwn2Own” to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.