14 DAY TRIAL // VUPEN, the team of French security researchers that identified a vulnerability in Google Chrome yesterday as part of the Pwn2Own browser-hacking competition, managed to compromise Microsoft’s Internet Explorer (IE) 9.
Threat Post reports that the experts found a heap overflow issue that’s present in many versions of Internet Explorer, including the 10 variant which is only in its initial phases.
The heap overflow bug allowed them to get into to the browser’s low-integrity area from where they leveraged a memory corruption vulnerability to access the high-integrity area.
Apparently, taking advantage of this bug is not easy. VUPEN’s Chaouki Bekrar said that two of his colleagues worked six weeks on making the exploit work.
Regarding the exploitation of IE 10, Bekrar believes that it’s more difficult than with the previous versions, mainly because of the security enhancements that prevent hackers from relying on use-after-free weaknesses and memory leaks.
VUPEN has a considerable advantage in Pwn2Own, but to make things even more exciting, a new team formed of Vincenzo Iozzo and Willem Pinckaers has also entered the competition.