Vupen Security

Vupen sells exploit

French company Vupen Security announced the successful creation of an exploit for Windows 8, connected by a chain of many 0-day vulnerabilities in Windows 8 and Internet Explorer 10.

Naturally, the company does not intend to provide information on vulnerabilities in Microsoft. The business model Vupen Security, the firm sells oday-vulnerabilities and exploits customers among law enforcement agencies, intelligence agencies of Western countries, mostly NATO countries. High moral code Vupen Security does not allow selling exploits in countries with dictatorial regimes or undeveloped democracy where these tools can be used against innocent civilians.

Vupen Security specializes in finding vulnerabilities and exploits to create programs Microsoft, Apple and Google. The company traditionally wins hacking contests that require the most efficient way to use 0day-vulnerability.

Exploit new Win8 + IE10 from HiASLR / AntiROP / DEP & Prot Mode exit out of the sandbox (Flash required) is already available.

As we see, the hackers have managed to overcome Vupen defenses Address Space Layout Randomization (ASLR) and Data Execution Protection (DEP), as well as methods AntiROP, which are focused on blocking techniques bypass ASLR and DEP.

Links:

http://www.bit-tech.net/news/bits/2012/11/02/win8-zero-day/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s