IE8 on Windows 7 hijacked with 3 vulnerabilities

Using three different vulnerabilities and clever exploitation techniques, Irish security researcher Stephen Fewer successfully hacked into a 64-bit Windows 7 (SP1) running Internet Explorer 8 to win this year’s CanSecWest hacker challenge. Fewer (right), a Metasploit developer who specializes in writing Windows exploits, used two different zero-day bugs in IE to get reliable code execution and then chained a third vulnerability to jump out of the IE Protected Mode sandbox. The attack successfully bypassed DEP (data execution prevention) and ASLR (address space layout randomization), two key protection mechanisms built into the newest versions of Windows.

read more

Leave a Reply