Researcher sat on critical IE bugs for THREE YEARS

  • 24 July 2014

VUPEN waited for Pwn2Own cash while IE's sandbox leaked

By Darren Pauli, 24 Jul 2014
 
Security outlet VUPEN has revealed it held onto a critical Internet Explorer vulnerability for three years before disclosing it at the March Pwn2Own hacker competition.
The company wrote in a disclosure last week that it discovered the vulnerability (CVE-2014-2777) on 12 February 2011, which was patched by Microsoft on 17 June (MS14-035).
 
Full Article
 
This vulnerability was patched in June's update schedule. Microsoft Security Bulletin Minor Revisions Issued: June 17, 2014

1 reply

Here's a prime example of greed to the fullest. VUPEN collected $US300,000 for vulnerabilities disclosed at Pwn2Own affecting Adobe Reader, Internet Explorer, Mozilla Firefox, and Adobe Flash. This is their bread and butter by keeping these vulnerabilities under wraps.
