Windows 7 Paid Hacker Busts IE8 On Windows 7 In Two Minutes......


Former Moderator
March 25, 2010

(Dutch researcher explains his strategy for outwitting Microsoft defense mechanisms to win $ 10,000)

Peter Vreugdenhil of the Netherlands bypasses DEP & ASLER to bring down Microsoft's Browser. And another German Researcher who wouldn't give his full name, called Nils found a way to disable DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) Each contestant faced down a fully patched 64 bit version of Windows 7 and came out a winner. Vreugdenhil used a two exploit combination to circumvent first ASLR and then DEP to successfully hack IE8. A half hour later "Nils" bypassed the same defensive mechanisms to exploit Mozillas Firefox 3.6.

Each contestant was awarded the notebook that they hacked and $10,000 in cash and a paid trip to the Def-Con Hackers Conference in Las Vegas in July. Vreugdenhil used a heap flow overfill vulnerability to obtain the base address .dll module that IE8 loads into memory. Then he used that to run his DEP shirting exploit. (The Exploit) reuses Microsoft's own code to disable memory production. He could have done that in one step, but it would have taken too long-- 50 or 60 minutes.

Nils side stepped DEP and ASLR in Windows 7's newest version of Firefox. This is Nils second victory at "Pwn2Own". Last year he won $ 15,000 by exploiting not only Firefox, but also Safari and IE8. The information and strategies "Pwn2Own" purchased from the researchers will be turned over to the affected vendors on Friday.

This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.