light bulb

Did You Know?

Posts: 15,031
Topics: 10,407
Kudos: 34,072
Registered: ‎06-12-2013

Researcher sat on critical IE bugs for THREE YEARS

VUPEN waited for Pwn2Own cash while IE's sandbox leaked

By Darren Pauli,


Security outlet VUPEN has revealed it held onto a critical Internet Explorer vulnerability for three years before disclosing it at the March Pwn2Own hacker competition.

The company wrote in a disclosure last week it discovered the vulnerability (CVE-2014-2777) on 12 February 2011 which was patched by Microsoft on 17 June (MS14-035).


Full Article


This vulerblity was patched in Junes Updates schedule Microsoft Security Bulletin Minor Revisions Issued: June 17, 2014

Sr. Community Expert Advisor

Posts: 6,423
Topics: 3,088
Kudos: 9,093
Blog Posts: 0
Registered: ‎06-02-2014

Re: Researcher sat on critical IE bugs for THREE YEARS

Here's a prime example of greed to the fullest. VUPEN collected $US300,000 for vulnerabilities disclosed at Pwn2Own affecting Adobe Reader, Internet Explorer, Mozilla Firefox, and Adobe Flash.This is their bread and butter by keeping these vulnerabilties under wraps.

Community Leader