IE

No Image

Pwn2Own: Nothing is safe

The annual Pwn2Own hacking competition wrapped up its 2015 event in Vancouver with another 21 critical bugs in Firefox, Chrome, Safari, IE, Adobe Flash, Adobe reader, and last, but definitely not least, the Windows operating system. For those who don’t know the contest, the name “Pwn2Own” is derived from the fact that contestants must “pwn” or hack the device in order to “own” or win it. Chrome got both its stable and beta versions hacked in just two minutes. Google paid $75,000 for just one buffer overflow in Chrome which allows an attacker to bypass the sandbox. Apple’s Safari got also hit by using a use-after-free (UAF) vulnerability in an uninitialized stack pointer in the browser and bypassed the sandbox for code execution. Internet Explorer 11 64-bit was taken out with a time-of-check to time-of-use (TOCTOU) vulnerability allowing for read/write privileges. The attacker evaded all the defensive mechanisms by using a sandbox escape through privileged JavaScript injection, all of which resulted in medium-integrity code execution. Mozilla Firefox was hit with an out-of-bounds read/write vulnerability leading to medium-integrity code execution. A team of researchers showed their skills against Flash by using a heap overflow remote code execution vulnerability and then leveraging…


No Image

Bug or feature: Mime Type Detection

Also known as MIME Sniffing, this is a feature or bug in IE which is the only browser able to dynamically determine the content type of the document it loads. So, in this case, it detects a plain text document with HTML content instead of a an JPG header. And the content of the “JPG” file which is text/html: The URL was reported to Phishtank and CleanMX. The users of Avira Professional and Avira Premium Security Suite are protected if they use the latest Webguard signatures.


%d bloggers like this:

By continuing to use the site, you agree to the use of cookies and to its Privacy Policy more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close