A team of specialists Vupen Security has used an exploit on a fully updated Windows 7 SP1.
During the hacking contest Pwn2Own, which took place in the CanSecWest security conference in Vancouver, a group of security experts from France Vupen Security hacked web browser Internet Explorer from Microsoft. The experts have created an exploit for one of two critical vulnerabilities that they were able to detect. It brought experts victory in the competition, reports Computerworld.
Action Vupen exploit demonstrated by IE9 on a fully updated Windows 7 SP1. According to experts, this vulnerability exists in all versions of the browser above 6, and developed an exploit can even be used to compromise Windows 8 with IE10.
It should be noted that under the terms of the competition, participants are not required to provide developers with information about the compromised product detected gap. However, Vupen stressed that they intend to transfer the data to Microsoft on one of the vulnerabilities related to buffer overflows. The second vulnerability of experts decided to leave “for their clients.”
Earlier, the company Google has expressed the intention to act as a sponsor of Pwn2Own, but later abandoned due to the fact that the conditions of competition does not require experts to disclose information about detected vulnerabilities. Alternatively, a company set up its own competition Pwnium with a prize fund of $1 million.