pwn2own flash flaw

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

More details on the Pwn2Own Flash flaw that won the Vista machine

More details on the Pwn2Own Flash flaw that won the Vista machineOr should we blame MicrosoftFor their inability to push DEP sooner and get more of a response out developers sooner and breaking applications that have been coded wrongly for years.That would be the ABMer's excuse anyway.NBMer would say that...

Tags: Microsoft Windows Vista (Longhorn), Programming languages, Operating systems, UNIX, SECURITY, Pwn2Own Flash, Pwn2Own Flash flaw, Microsoft Windows Vista, data execution prevention, Vista Machine, Java, flaw, Nate, Adobe Systems Inc., Microsoft Corp., Linux

Discussion threads 2008-03-31

Additional Resources

Pwn2Own hacker contest targets browsers, smart phones

After two straight years of taking dead aim at Macbooks and Windows-powered machines, hackers at this year's CanSecWest conference will have shiny new targets:  Web browsers and mobile phones. According to CanSecWest organisers, there will be two separate Pwn2Own competitions this year -- one pitting hackers against...

Tags: Phone, Mobile, Smart Phone, Apple MacBook, Web Browser, Hacker, Hacking, Microsoft Windows, Security, Operating Systems, Software, Ryan Naraine

Blog posts 2009-02-11

Has Internet Explorer ever been safe?

Has Internet Explorer ever been safe?The recommendation to use an alternative browser is based on......the existence of an exploit for which a patch is not available as of the time I write this. It is not being given because IE is insecure. I would hope this same advice were given...

Tags: Web browsers, Microsoft Internet Explorer, Web browser

Discussion threads 2008-12-17

On deck from MS: Four 'important' patches but nothing for IE

On deck from MS: Four 'important' patches but nothing for IEAm I correct that uninstalling Safari mitigates the problem?I realize it isn't a fix but am I correct in believing that for the time being, removing Safari effectively closes off the only known attack vector that can utilize this vulnerability?...

Tags: Web browsers, SECURITY, patch management, flaw, Apple Safari, Apple Inc., Microsoft Corp., Microsoft Internet Explorer

Discussion threads 2008-07-03

Adobe patches 7 issues, including Pwn2Own contest flaw and DNS rebinding issues

Adobe published an advisory covering issues, including a fix for the Pwn2Own flaw that we previously discussed here.  Adobe's details are published here.  One of the issues that was patched was discovered by myself and fellow researcher (and co-worker at Ernst & Young's Advanced Security Center) Rob Carter, see the picture to the...

Tags: Adobe Systems Inc., DNS, Domain, Lookup, Microsoft Internet Explorer, Web Browser, Domain Name, Flaw, Rob, Flash, XmlHttp Request, Kicker, Domain Names, Web Browsers, Networking, Internet, Nathan McFeters

Blog posts 2008-04-09

Adobe Flash Pwn2Own details released by ZDI...

... and unfortunately leaves much to be desired.  I think many people were hoping for the disclosure from ZDI to contain a lot of details on what could've been exploited with this issue, unfortunately, the details just aren't really there.  In fact, after reading it, I think I have more...

Tags: User Interaction, Adobe Systems Inc., Vulnerability, Adobe Flash Player, ZDI Advisory, Security, Nathan McFeters

Blog posts 2008-04-08

Adobe claims to have known of Flash issue prior to CanSecWest '08, patch is on the way

In a comment in a talkback on the original issue discovered in Adobe Flash that led to the compromise of the Vista machine at the Pwn2Own contest, an Adobe representitive, Erick Lee, Manager of Adobe Secure Software Engineering Team ASSET, claimed that Adobe knew of the flaw and has a patch...

Tags: Adobe Systems Inc., Patches, Security, Team Management, Management, Nathan McFeters

Blog posts 2008-04-03

Interview with the Vista Pwn2Own contest winners

Interview with the Vista Pwn2Own contest winnersSo NO, we did not duplicate it on any other platform.What Nate states is this is a compiler issue with a polymorphism/name mangling bug. Therefore, it is not a Adobe coding issue. So my questions still remain:1) Have you duplicated this on...

Tags: Microsoft Windows Vista (Longhorn), data execution prevention, Vista Pwn2Own, Nate, flaw, Microsoft Windows Vista

Discussion threads 2008-04-02

Interview with the Vista Pwn2Own contest winners

Update 04/03/2008: I've updated the article as apparently the link to k2's blog was broken.  Also, it's important to note that Derek Callaway was a part of this research and exploitation as well, and I neglected to mention that. So obviously our coverage of the Pwn2Own contest has...

Tags: Adobe Systems Inc., Vulnerability, JavaScript, Microsoft Windows Vista, Exploit, Data Execution Prevention, Flaw, Nate, Programming Languages, Java, Security, Software Development, Software/Web Development, Nathan McFeters

Blog posts 2008-04-02

News to know: Dell; MinWin; Microsoft's Glasnost; Mozilla

Notable headlines: Larry Dignan: Dell: We'll save $3 billion; Cut 8,800 positions Ed Bott: Is MinWin really the new Windows 7 kernel? Jason Perlow: Microsoft Meets Open Source: Glasnost 2.0. Dana Blankenhorn: If the birthmark fits, Microsoft will wear it ...

Tags: Apple iPhone, Larry Dignan, Dell Computer Corp., Microsoft Corp., Mozilla Corp., Wireless LANs, Data Centers, Microsoft Windows, Storage, Wi-Fi, Wireless, Hardware, Data Management, Operating Systems, Software

Blog posts 2008-04-01

Pwn2Own: What OS really won?

Pwn2Own: What OS really won?They all lost!In my opinion, the Flash flaw would've been able to compromise any of the OS's, so I would say they all lost. BUT, if I had to go on who lost the most, I'd go as follows:1.) Mac OS X - A flaw...

Tags: Operating systems, UNIX, SECURITY, operating system, Pwn2Own, flaw, Ubuntu, Linux

Discussion threads 2008-03-31

More details on the Pwn2Own Flash flaw that won the Vista machine

So, I've been pretty surprised by the response to the discussion of the Flash flaw that allowed the Vista machine to be compromised in the Pwn2Own contest.  I'm working on getting an interview with Alexander Sotirov and Shane Macaulay (see image, courtesy of ZDI's official site) to discuss the issue, but...

Tags: Java, Microsoft Windows Vista, Data Execution Prevention, Flaw, Microsoft Windows Vista (Longhorn), Security, Operating Systems, Microsoft Windows, Software, Nathan McFeters

Blog posts 2008-03-31

News to know: OOXML; Adobe AIR for Linux; Copyright; Best midrange hardware

Notable headlines: Paula Rooney: Microsoft's OOXML gets ISO approval ... maybe Mary Jo Foley: Microsoft OOXML standardization bid: The clock is ticking OOXML standard vote down to the wire  Christopher Dawson: OOXML vs. ODF - Should Ed Tech care? ...

Tags: Apple iPhone, Adobe Systems Inc., Adobe PhotoShop, Adobe AIR, Microsoft Corp., Hardware, Photo-sharing, Dashwire, Linux, UNIX, Operating Systems, Open Source, Software, Larry Dignan

Blog posts 2008-03-31

Vista falls in Pwn2Own contests final day to a flaw in Adobe Flash

Vista falls in Pwn2Own contests final day to a flaw in Adobe Flashopiniondirector webFair is fair: Blame Adobe's not VistaVista is a piece of junk that NOBODY with a brain likes because it is actually slower and less usable than XP.But this "hack" can not be blame on...

Tags: Microsoft Windows Vista (Longhorn), Operating systems, Microsoft Windows Vista, Ubuntu, operating system, Adobe Systems Inc., Adobe Flash, Microsoft Corp.

Discussion threads 2008-03-29

Vista falls in Pwn2Own contests final day to a flaw in Adobe Flash

Update 3/29/2008: Just to clarify in case it wasn't clear, this is a flaw in an Adobe product, Adobe Flash, and not in a Microsoft product or in the Windows Vista operating system.  This is important to note, as it's not quite as glamorous as the flaw that took down...

Tags: Adobe Systems Inc., Microsoft Windows Vista, Flaw, Microsoft Windows Vista (Longhorn), Security, Operating Systems, Microsoft Windows, Software, Nathan McFeters

Blog posts 2008-03-29