light bulb

Did You Know?



Reply
Posts: 5,114
Topics: 3,272
Kudos: 6,330
Registered: ‎06-12-2013

Researcher sat on critical IE bugs for THREE YEARS

VUPEN waited for Pwn2Own cash while IE's sandbox leaked

By Darren Pauli,

 

Security outlet VUPEN has revealed it held onto a critical Internet Explorer vulnerability for three years before disclosing it at the March Pwn2Own hacker competition.

The company wrote in a disclosure last week it discovered the vulnerability (CVE-2014-2777) on 12 February 2011 which was patched by Microsoft on 17 June (MS14-035).

 

Full Article

 

This vulerblity was patched in Junes Updates schedule Microsoft Security Bulletin Minor Revisions Issued: June 17, 2014

Sr. Community Leader

Posts: 3,332
Topics: 2,009
Kudos: 2,422
Blog Posts: 0
Registered: ‎06-02-2014

Re: Researcher sat on critical IE bugs for THREE YEARS

Here's a prime example of greed to the fullest. VUPEN collected $US300,000 for vulnerabilities disclosed at Pwn2Own affecting Adobe Reader, Internet Explorer, Mozilla Firefox, and Adobe Flash.This is their bread and butter by keeping these vulnerabilties under wraps.

Community Leader