First Chrome was a victim, and then the hackers went on to Internet Explorer.
That is what happened when a team of vulnerability researchers from French firm VUPEN hacked into Microsoft’s Internet Explorer 9 on a fully patched Windows 7 SP1 machine at the CanSecWest security conference in Vancouver. VUPEN researchers were also responsible for taking down the Google Chrome browser.
They managed to bypass the browser’s DEP and ASLR protections with a zero-day heap overflow vulnerability, and then used a separate memory corruption bug to break out of its Protected Mode, which is effectively a sandbox.
Those particular flaws have existed in previous incarnations of the browser — all the way back to IE 6 — and will very likely work on the upcoming IE 10, said VUPEN founder Chaouki Bekrar.
He said it took two of their researchers six weeks of full-time work to develop an exploit for the browser. “When you have to combine many vulnerabilities and bypass all these protections, it takes a longer time,” he said.
He also said the memory corruption bug they used is only one of many vulnerabilities they found that can break out of IE’s Protected Mode. He did say, though, that the new IE 10 will be much harder to break into, as Microsoft has added new protection mechanisms.
Microsoft will receive only the details of the heap overflow bug. “We will keep the Protected Mode bypass private for our customers,” Bekrar said.