Die siberas GmbH ein auf Sicherheitsanalysen und Penetrationstests spezialisiertes Beratungsunternehmen, welches Sie herstellerunabhängig und kompetent im Bereich IT-Sicherheit berät.
This year Andy and I were finally able to take part in the Pwn2Own contest during the CanSecWest conference in Vancouver. We won the Internet Explorer 11 competition by compromising a fully-patched Windows 8.1 (x64) system. For successful exploitation we abused three distinct vulnerabilities:
(In fact, we needed three Internet Explorer vulnerabilities, since the second vulnerability in our exploit chain had been patched the day before the contest - yes, it was a rather sleepless night.)
The vulnerabilities have been patched in the Microsoft Security Bulletins MS14-035, MS14-037 and MS14-040.
The vulnerability analysis, a detailed description of the exploitation process and the patch analysis can be downloaded HERE.
Hopefully see you at next year’s Pwn2Own! :)
Sebastian
pwn2own 1 afd.sys 1