Internet Explorer 8 on Windows 7 hacked in 2 minutes
Two researchers yesterday won $10,000 each at CanSecWest. The German researcher Nils found ways to disable DEP and ASLR by exploiting Mozilla’s Firefox 3.6. The other contestant, Vreugdenhil of the Netherlands, used a two-exploit combination to circumvent first ASLR and then DEP to successfully hack Internet Explorer 8. Each attack was made on a fully patched 64-bit version of Windows 7. Each of them was awarded the notebook they attacked, $10,000 in cash and a trip to the DefCon conference in Las Vegas this July.
Computerworld Security reports: “It was a two-step exploitation,” Vreugdenhil said of the unusual attack. “I could have done it with one, but it would have taken too long.” Using the double-exploit technique gave him control of the machine in a little over two minutes; if he had used only one exploit, the task would have required 50 to 60 minutes.

