Hacker exploits IE8 on Windows 7 to win Pwn2Own

Summary: Jumping through a series of anti-exploit roadblocks, Dutch hacker Peter Vreugdenhil hacked into a fully patched 64-bit Windows 7 machine using a pair of Internet Explorer vulnerabilities.

VANCOUVER, BC -- Jumping through a series of anti-exploit roadblocks, Dutch hacker Peter Vreugdenhil pulled off an impressive CanSecWest Pwn2Own victory here, hacking into a fully patched 64-bit Windows 7 machine using a pair of Internet Explorer vulnerabilities.

Vreugdenhil, an independent researcher who specializes in finding and exploiting client-side vulnerabilities, used several tricks to bypass ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention), two significant security protections built into the Windows platform.

"I started with a bypass for ASLR which gave me the base address for one of the modules loaded into IE. I used that knowledge to do the DEP bypass," he added.

Vreugdenhil, who won a $10,000 cash prize and a new Windows machine, said he uses fuzzing techniques to find software vulnerabilities. "I was specifically looking through my fuzzing logs for a bug like this because I could use it to do the ASLR bypass," he said.

After finding the IE 8 vulnerability, Vreugdenhil said it took about two weeks to write an exploit to get around the ASLR+DEP mitigations.

Members of Microsoft's IE team were on hand to witness Vreugdenhil's exploit. A company spokesman said Microsoft was not yet aware of the details of the vulnerability but would activate its security response process once the information is collected from the contest organizers.

TippingPoint Zero Day Initiative (ZDI), the company sponsoring the hacker challenge, is expected to send the flaw details to all the affected vendors on Friday, March 26, 2010.

* More to come...

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...