

IE9 pwn2owned with 0-day with exploit working back from IE6 to IE10 on Windows 8 - kefs
https://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621

======
michaelbuckbee
Am I wrong in assuming that Vupen's customers are bad people (for values of
spam, trojans, bot-net, phishing bad)?

I'm trying to think of why else they wouldn't disclose the protected mode
bypass error, but instead keep it "private for our customers".

~~~
reggplant
According to their website, they provide 'offensive exploit services' to
governments and intelligence services. So possibly, depending on whether you
view those people as bad people.

~~~
robtoo
They even admit it's not just governments they sell to: _VUPEN customers
include worldwide governments and major corporations in finance, technology
and manufacturing._ [<http://www.vupen.com/english/company.php>] although
their continued use of weasel words does stop just short of admitting that
they're enabling industrial espionage.

~~~
joering2
_VUPEN's offensive IT intrusion solutions and government grade exploits enable
the Intelligence community and government agencies to achieve their lawful
intercept missions using VUPEN's industry-recognized vulnerability research
and intelligence._

I am trying to imagine a situation where government agencies _lawfully_ need to
break into someone's IE. Any ideas?

~~~
iy56
Collecting information pursuant to a legitimate search warrant?

~~~
joering2
Hmmm... I think law enforcement agencies need to stay in accordance with the
law even with their "discovery". Breaking into someone's IE or exploiting
vulnerabilities in order to get information you otherwise wouldn't be able to
get falls under breaking into someone's "property", I think, even if it's "just"
an Internet browser.

Therefore, your "legitimate" search warrant will be thrown out of the window by a
judge, and classified as the fruit of the poisonous tree.

<http://en.wikipedia.org/wiki/Fruit_of_the_poisonous_tree>

------
ecaron
Having personally worked to tell the IE team about a severe bug
(crashie.com), I can tell you that their process, community and bureaucracy
are by far the worst part of Internet Explorer. You'll get ignored, told that
the problem is with your code, mocked in the forums, and then ultimately told
the problem isn't a big enough deal (or in my case, too complicated) to fix.

The only way to get the IE team to fix issues is make a public spectacle like
Vupen did. And I completely get only exposing bugs when there is a profit to
be made, because any other route is counterproductive.

~~~
yuhong
There is a difference between security and non-security bugs. Null pointer
dereferences and hangs are not security bugs. Security bugs you are supposed
to report to MSRC. Non-security bugs typically have to wait until the next
version of IE to fix.

~~~
lukesandberg
That is assuming that it is easy to tell the difference between security and
non-security bugs. Null pointer dereferences can and have been exploited to
escape security sandboxes. I read about an interesting one a few years ago in
Flash. Unfortunately all I can find now are secondary sources:
<http://www.zdnet.com/blog/security/mark-dowds-null-pointer-dereference-exploit-and-advanced-flash-actionscript-techiques-proove-definitively-aliens-do-exist/1030>

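The point in the comment above is that a NULL dereference is only "harmless" when the faulting access actually lands on the unmapped page at address zero. The following is an added example written for this page; it is not code from the thread, from Flash, or from Mark Dowd's exploit, and the `table_t` layout and the helper names are constructed for illustration. It shows the general mechanism: a NULL base pointer combined with an attacker-controlled index turns a "crash bug" into a write to an address of the attacker's choosing, and what the checked form that closes the hole looks like.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include <stdlib.h>
#include <stdio.h>

/* Constructed layout, not from any real product: a table whose pointer may
 * be NULL after a failed allocation, followed by a slot array indexed by an
 * untrusted 32-bit value supplied by the caller. */
typedef struct {
    uint32_t magic;
    uint32_t count;
    uint32_t slots[];          /* flexible array member, starts at offset 8 */
} table_t;

/* Address the store below would write to, computed arithmetically so it can
 * be called with t == NULL without faulting. Assumes the usual flat model
 * where (uintptr_t)NULL == 0. With a NULL base the target is 8 + 4*idx, so
 * the attacker who controls idx picks any address in the low 16 GiB of a
 * 64-bit address space: that is what makes the NULL dereference a security
 * bug rather than a reliability bug. */
uintptr_t effective_write_address(const table_t *t, uint32_t idx)
{
    return (uintptr_t)t + offsetof(table_t, slots)
           + (uintptr_t)idx * sizeof(uint32_t);
}

/* Deliberately vulnerable form: no NULL check and no bounds check. With
 * t == NULL and a large idx this does not touch page zero at all; it writes
 * wherever effective_write_address() says. */
void table_set_unchecked(table_t *t, uint32_t idx, uint32_t value)
{
    t->slots[idx] = value;
}

/* Hardened form: reject a NULL table and an index at or past count, and
 * report the refusal instead of writing. */
bool table_set_checked(table_t *t, uint32_t idx, uint32_t value)
{
    if (t == NULL || idx >= t->count)
        return false;
    t->slots[idx] = value;
    return true;
}

/* Helper: allocate and zero a table with n slots (NULL on failure). */
table_t *table_new(uint32_t n)
{
    table_t *t = malloc(sizeof(table_t) + (size_t)n * sizeof(uint32_t));
    if (t == NULL)
        return NULL;
    t->magic = 0x5441424cu;    /* arbitrary tag */
    t->count = n;
    for (uint32_t i = 0; i < n; i++)
        t->slots[i] = 0;
    return t;
}

/* True when the checked store accepts slot 3 of a 4-slot table, rejects
 * slot 4, and rejects a NULL table. */
bool checks_behave(void)
{
    table_t *t = table_new(4);
    if (t == NULL)
        return false;
    bool ok = table_set_checked(t, 3, 7) && t->slots[3] == 7
           && !table_set_checked(t, 4, 7)
           && !table_set_checked(NULL, 0, 7);
    free(t);
    return ok;
}

int main(void)
{
    table_t *missing = NULL;               /* the pointer nobody checked */
    uint32_t attacker_idx = 0x10000000u;   /* chosen by the attacker */

    printf("NULL base, idx 0x%08x -> write would land at 0x%lx\n",
           attacker_idx,
           (unsigned long)effective_write_address(missing, attacker_idx));
    printf("checked store on NULL table: %s\n",
           table_set_checked(missing, attacker_idx, 1) ? "ok" : "refused");
    printf("checked variant behaves: %s\n", checks_behave() ? "yes" : "no");
    return 0;
}
```

The unchecked store is never called in `main` because doing so with a NULL table would either fault or corrupt memory; the address arithmetic is what shows why the fault location, not the NULL itself, decides whether the bug is exploitable.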
------
strictfp
It's really great to see that someone is stepping into the public eye and
disclosing just how poor the protection an average PC provides is. Bringing
attention to this problem could really improve privacy for your average Joe.

------
w0utert
So with IE 5.5 on Windows 95 I'm safe, right?

------
agildehaus
Start the clock for seeing how long a fix takes to reach users .... now.

------
rplnt
The "activate their response process" sounds like it will take weeks or even
months to get the fix pushed to users.

~~~
viraptor
It's the time to report, analyse, produce a fix, test... and wait for the
patch Tuesday, isn't it?

------
polshaw
I wish someone would use this to 'infect' IE users (particularly older
versions) with chrome-frame.

~~~
salmanapk
Yup. Who would down-vote this :)

