During this years Pwn2Own hacking contest, a team of French researchers were able to exploit two different IE zero-day flaws to hack into a completely patched Windows 7 SP1 machine. The group, called VUPEN, is currently in the lead with this hack.
The French hackers, VUPEN, utilized an unpatched heap overflow bug in Internet Exploer 9 to bypass DEP and ASLR and an additional memory consumption flaw to break out of the Protected Mode of the “browser of choice.” Not surprisingly, this attack also works on the latest preview of Internet Explorer 10 on Windows 8 Consumer Preview. According to VUPEN, this flaw goes all the way back to Internet Exploer 6. “This goes all the way back to IE 6. It will work on IE 6 all the way to IE 10 on Windows 8,” VUPEN stated. THe hacker group even stated that there are more vulnerabilities in Protected Mode, all of which are still unpatched. “We used a memory corruption vulnerability in the way Protected Mode is implemented but we have found many more vulnerabilities there.”
So the motive for participating at this years Pwn2Own? VUPEN wanted to prove that a dedicated hacker can bypass all security protections, even on the newest operating systems. “We want to show that we can.”
As far as Internet Explorer 10 goes, it was deemed much more difficult to exploit due to numerous new mitigations Microsoft has implemented. Although that sounds good, it just means that the price for vulnerabilities and exploits go higher. In other words, hacker groups will try harder than ever to hack IE10 to prove that it can be done.
Further reading: IE9, Internet Explorer, Microsoft, Pwn2Own
