CVE-2013-2554

Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787...

Zerodium Offers $500K for Secure Messaging App Zero Days

Zerodium, a vendor operating in the nebulous exploit acquisition market, has put a premium on zero-day vulnerabilities in secure messaging applications in a new pricing structure announced today. Remote code execution and local privilege elevation zero days in messaging apps such as WhatsApp,...

CVE-2013-2551-sample analysis and exploits and Defense-vulnerability warning-the black bar safety net

0x0 is written on the front VUPEN team in the Pwn2Own 2013 hacking contest using the vulnerability to compromise Windows 8 environment, IE10, then on their blog discloses technical details. According to VUPEN description of the vulnerability produced in the VGX. DLL module, in the VML language...

Zerodium Offers $1.5 Million Bounty For iOS Zero-Day Exploits

Well, there's some good news for Hackers and Bug hunters, though a terrible news for Apple! Exploit vendor Zerodium has tripled its bug bounty for an Apple's iOS 10 zero-day exploit, offering a maximum payout of $US1.5 Million. Yes, $1,500,000.00 Reward. That's more than seven times what Apple is...

Zerodium Hosts Million-Dollar iOS 9 Bug Bounty

Exploit vendor Zerodium, a company started by VUPEN founder Chaouki Bekrar, today announced it will host a month-long million-dollar bug bounty focused on Apple iOS 9. Bekrar said in a statement there is a $3 million pool available for the bounty, which will close on Oct. 31 or earlier if the tot...

Microsoft Office Products Insecure Library Loading Vulnerability

microsoft products is prone to insecure library loading vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

VUPEN Launches New Zero-Day Acquisition Firm Zerodium

UPDATE–In the weeks since the Hacking Team breach, the spotlight has shone squarely on the small and often shadowy companies that are in the business of buying and selling exploits and vulnerabilities. One such company, Netragard, this week decided to get out of that business after its dealings...

Взлом Hacking Team

В рунете тишина, давайте обсудим. Цитата: @cBekrar: I think I've spotted the name of the guy who sold the Windows Kernel EoP 0day to Hackingteam, 25K EUR is a decent price. --- Я думал все куда лучше, а тут директор vupen пишет, что это decent price...

Senator Demands Answers on FBI's Use of Zero Days, Phishing

The chairman of the powerful Senate Judiciary Committee is asking some pointed questions of the FBI director about the bureau’s use of zero-day vulnerabilities, phishing attacks, spyware, and other controversial tools. Sen. Charles Grassley R-Iowa has sent a letter to FBI Director James Comey...

Flash, Reader, Firefox and IE All Fall On First Day of Pwn2Own

Four different research teams on Wednesday cracked four products–Adobe Flash, Reader, Mozilla Firefox, and Microsoft Internet Explorer—and collectively earned a payout of $317,000 on the first day of Pwn2Own 2015. The annual hacking contest, which kicked off Wednesday in Vancouver, runs...

VUPEN Security Research - Microsoft Internet Explorer CSS @import Memory Corruption (Pwn2Own 2014)

VUPEN Security Research - Microsoft Internet Explorer CSS @import Memory Corruption Pwn2Own 2014 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included as part of the...

VUPEN Security Research - Microsoft Windows "DirectShow" Privilege Escalation Vulnerability (Pwn2Own 2014)

VUPEN Security Research - Microsoft Windows "DirectShow" Local Privilege Escalation Vulnerability Pwn2Own 2014 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Windows is a series of software operating systems and graphical user...

VUPEN Security Research - Microsoft Internet Explorer "Request" Object Confusion Sandbox Bypass (Pwn2Own 2014)

VUPEN Security Research - Microsoft Internet Explorer "Request" Object Confusion Sandbox Bypass Pwn2Own 2014 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included as...

VUPEN Security Research - Microsoft Internet Explorer "ShowSaveFileDialog()" Sandbox Bypass (Pwn2Own 2014)

VUPEN Security Research - Microsoft Internet Explorer "ShowSaveFileDialog" Protected Mode Sandbox Bypass Pwn2Own 2014 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and...

VUPEN Security Research - Adobe Acrobat & Reader XI-X "AcroBroker" Sandbox Bypass (Pwn2Own)

VUPEN Security Research - Adobe Acrobat & Reader XI-X "AcroBroker" Sandbox Bypass Pwn2Own Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Adobe Acrobat and Reader are the global standards for electronic document sharing. They are used to creat...

VUPEN Security Research - Adobe Acrobat & Reader XI-X Barcode Heap Overflow (Pwn2Own)

VUPEN Security Research - Adobe Acrobat & Reader XI-X Barcode Heap Overflow Pwn2Own Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Adobe Acrobat and Reader are the global standards for electronic document sharing. They are used to create, vie...

VUPEN Discloses Details of Patched Firefox Pwn2Own Zero-Days

Contestants at this year’s Pwn2Own contest made no bones about it: they were going after browsers and as it turned out, Firefox had the biggest target on its back. Mozilla’s popular browser was popped four times during the Canadian hacker festival accounting for a quarter of the $800,000-plus in...

VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free Code Execution (Pwn2Own)

VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free Code Execution Pwn2Own Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Adobe Flash Player is a cross-platform browser-based application runtime that delivers viewing of...

CVE-2014-1763

Use-after-free vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014...

CVE-2014-1764

Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014...