Reply to Message

Yes

honeymonster 21st Jul 2010

@ye
Yes, Flash is sandboxed (when running in IE - not in Firefox or Chrome). But for whatever reason Adobe had designed their own broker process (instead of using the IE supplied one) - which furthermore had the capability to launch arbitrary programs. Go figure. A bug in this broker process combined with a Java bug was what was used in pwn2own.

Reply
Flag

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

A CNET Professional Brand

ZDNet

Log In | Join | Site Assistance | Follow via Twitter Facebook Email

All of ZDNet
Reviews
Downloads

Featured Articles

Top Productivity Apps for the iPad 3

Top Productivity Apps for the iPad 3

The new iPad is a good tool for getting things done.

Facebook Lockdown: The Definitive Guide

Facebook Lockdown: The Definitive Guide

Facebook's privacy and security settings have changed massively.

A power user's guide to Windows 8

A power user's guide to Windows 8

Ed Bott reveals small but useful hidden shortcuts, surprises, and secrets.

Love stinks: The worst mergers in tech

Love stinks: The worst mergers in tech

Corporate mergers can end in utter disaster.

Services

Popular on CBS sites: US Open | PGA Championship | iPad | Video Game Reviews | Cell Phones

© 2012 CBS Interactive. All rights reserved. Privacy Policy | Ad Choice | Terms of Use

Around the network