cancel
Showing results for 
Search instead for 
Did you mean: 

Researcher sat on critical IE bugs for THREE YEARS

Highlighted
Sr. Community Expert Advisor

Researcher sat on critical IE bugs for THREE YEARS

VUPEN waited for Pwn2Own cash while IE's sandbox leaked

By Darren Pauli,

 

Security outlet VUPEN has revealed it held onto a critical Internet Explorer vulnerability for three years before disclosing it at the March Pwn2Own hacker competition.

The company wrote in a disclosure last week it discovered the vulnerability (CVE-2014-2777) on 12 February 2011 which was patched by Microsoft on 17 June (MS14-035).

 

Full Article

 

This vulerblity was patched in Junes Updates schedule Microsoft Security Bulletin Minor Revisions Issued: June 17, 2014


Sr. Community Expert Advisor


 


2016-07-18_12-11-32.png Microsoft® Windows Insider MVP - Windows Security


1 REPLY
Community Leader

Re: Researcher sat on critical IE bugs for THREE YEARS

Here's a prime example of greed to the fullest. VUPEN collected $US300,000 for vulnerabilities disclosed at Pwn2Own affecting Adobe Reader, Internet Explorer, Mozilla Firefox, and Adobe Flash.This is their bread and butter by keeping these vulnerabilties under wraps.

Community Leader