http://blogs.pcmag.com/securitywatch/2010/03/browsers_iphone_all_fall_like.php
The IE exploit is the most interesting because it bypasses both DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization), albeit in a very cumbersome way, The researcher, Peter Vreugdenhil, explains exactly what he did in a paper on his web site.
Pwn2Own rules require the exploit code to read a particular file on the system in order to register that the exploit has run.
http://threatpost.com/en_us/blogs/hacker-exploits-ie8-windows-7-win-pwn2own-032410
Shorten URL: http://threatpost.com/en_us/OOz.
Hacker exploits IE8 on Windows 7 to Win Pwn2Own
hacking into a fully patched 64-bit Windows 7 machine using a pair of Internet Explorer vulnerabilities.
Vreugdenhil, an independent researcher who specializes in finding and exploiting client-side vulnerabilities, used several tricks to bypass ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention), two significant security protections built into the Windows platform.
