Friday, April 1, 2011

Internet Explorer 8 on Windows 7 - Zero Day Trifecta!

CVE-2011-1347: Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011

As far as I know this string of exploits is NOT publicly available at the moment, but if you want to read more check out the full story on zdnet.
Stephen Fewer: If you look closely you can see his brain radiating heat!

Anytime you get a bunch of geeks together and are giving away free computers and ca$h, it's a pretty good bet that something is gonna break. Nice work Fewer! 



No comments:

Post a Comment