Recently, in the PWN20WN hacker competition, the VUPEN team that previously cracked Chrome has used two different 0-day vulnerabilities to break one of them.Windows7 SP1 system computer, which means that IE9 browser was also cracked in this hacking competition. Chaouki Bekrar, the team leader, said that the 0-day vulnerability they used in IE9 is actually applicable to IE6 to IE10 browsers, this means that IE10 with WIN8 debut will face severe security threats.
Hackers mentioned that in this attack, they mainly used two vulnerabilities to attack IE9. The first vulnerability was used to execute SEHLLCODE, the second vulnerability is mainly used to enhance the sandbox defense of the bypass protection mode. These attack vulnerabilities and methods are fully applicable to IE 10 browsers on WIN8. However, Bekrar suggested that at present, because Microsoft has added the protection of Memory leakage after user use in the background, it still takes some time for them to completely break the IE10 browser.
Two researchers from the team spent six weeks investigating IE9 vulnerabilities for the PWN2WN competition, said Chaouki Bekrar. With the perfect use of the vulnerabilities of the two browsers, The VUPEN team became the most striking contestant in this year's PWN20WN hacking competition. This team is from France and mainly engaged in vulnerability-related research.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
