07-24-2014 05:39 AM
By Darren Pauli, 24 Jul 2014
Security outlet VUPEN has revealed it held onto a critical Internet Explorer vulnerability for three years before disclosing it at the March Pwn2Own hacker competition.
The company wrote in a disclosure last week it discovered the vulnerability (CVE-2014-2777) on 12 February 2011 which was patched by Microsoft on 17 June (MS14-035).
This vulerblity was patched in Junes Updates schedule Microsoft Security Bulletin Minor Revisions Issued: June 17, 2014
07-24-2014 05:45 AM
Here's a prime example of greed to the fullest. VUPEN collected $US300,000 for vulnerabilities disclosed at Pwn2Own affecting Adobe Reader, Internet Explorer, Mozilla Firefox, and Adobe Flash.This is their bread and butter by keeping these vulnerabilties under wraps.