Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Researchers hack Internet Explorer 11 and Chrome at Mobile Pwn2Own


15 Nov 2013   #1

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 
Researchers hack Internet Explorer 11 and Chrome at Mobile Pwn2Own

Quote:
Security researchers have compromised Microsoft Surface Pro, Nexus 4 and Samsung Galaxy S4 devices by exploiting previously unknown vulnerabilities in Internet Explorer 11 running on Windows 8.1 and Google Chrome running on Android.

The exploits were demonstrated during the Mobile Pwn2Own hacking contest that ran Wednesday and Thursday at the PacSec Applied Security Conference in Tokyo.
Source

A Guy

My System SpecsSystem Spec
.

17 Nov 2013   #2

Windows 7 64-bit, Windows 8.1 64-bit, OSX Maverick
 
 

Quote from the referenced link:

Quote:
Achieving remote code execution through a Chrome vulnerability is considered very difficult because of the application sandbox that separates the browser’s processes from the operating system.

The researcher’s new Chrome exploit chained together an integer overflow vulnerability and a sandbox escape one, earning him a prize of US$50,000.
Chrome sandboxes the browser, per application.

Quote:
Exploiting a bug in IE is difficult in general because of the protections and security controls they’ve implemented,” Hariri said. The vulnerability was exploited twice in order to leak a memory address and then gain remote code execution, “which gave us full control over the whole machine,” he said.
IE sandboxes the browser per tabs.

On the surface, the method of exploits are the same, chaining together exploits and escaping the sandbox.

The article seems to suggest that sandboxing the browser is a Chrome specialty and does not mention that IE has, since IE 8 had, sandboxing available under the name of Enhanced Protection Mode, or EPM. From the timeline's perspective, IE had sandbox capabilities before Chrome did.

It would be interesting to see, if EMET would've protected against the exploit...
My System SpecsSystem Spec
17 Nov 2013   #3

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x86 Service Pack 1 - Linux Mint Mate 14 x64
 
 

For those, who do not what a integer overflow is - Integer overflow - Wikipedia, the free encyclopedia

My very short program is demonstrate it in C++:

Code:
#include <iostream>

int main() {

    int number = 4294967295; //store 4,294,967,295 in the variable called number
                            // 32-bit integer max range is exceeded

    std::cout << "Value of number: " << number + 2;

    std::cin.get();

    return 0;
}
Name:  Value.JPG
Views: 6
Size:  25.5 KB


My System SpecsSystem Spec
.


Reply

 Researchers hack Internet Explorer 11 and Chrome at Mobile Pwn2Own




Thread Tools



Similar help and support threads for2: Researchers hack Internet Explorer 11 and Chrome at Mobile Pwn2Own
Thread Forum
Charger can hack Apple devices with ‘alarming ease’, researchers claim Security News
Researchers win $100,000 for Chrome hack leaving Windows vulnerable Security News
Ctrl C starts internet chrome or internet explorer Browsers & Mail
Researchers Find Chrome OS Vulnerability Security News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 03:12 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33