Pwn2Own 2011: IE8 on Windows 7 hijacked with 3 vulnerabilities

Thought Internet Explorer 8 on Windows 7 was secure? Think again. During a hacking challenge at Pwn2Own, Microsoft’s Internet Explorer 8 was successfully hacked by an Irish security researcher (Stephen Fewer) on a Windows 7 SP1 machine. This was all possible using three different vulnerabilities and exploitation techniques.

As ZDNet reports, the hacker used two different zero-day flaws in Internet Explorer to get “reliable code execution” and then “chained a third vulnerability to jump out of the IE Protected Mode sandbox.” The attack bypassed Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR), two protection mechanisms built into Windows 7.

How long did it take to create the exploit? According to Stephen Fewer, it took him about five to six weeks to find the vulnerabilities and write a reliable exploit. “Writing the exploit was the tricky part. It was very time consuming, especially bypassing protected mode.” Fewer went on to say, “If you spend long enough looking for bugs, you’ll always find something.”

Details of the vulnerabilities will be kept under wraps until a patch is released. What was the prize for his efforts? Stephen Fewer won a $15,000 cash prize and a new Windows laptop.

