ID: IRCNE2012111666
Date: 2012-11-05
"Our first 0day for Win8+IE10 with HiASLR/AntiROP/DEP & Prot Mode sandbox bypass (Flash not needed)." that is part of a recent message on Twitter from Vupen, a French company that specialises in finding vulnerabilities in widely used software from companies such as Microsoft, Adobe, Apple and Oracle.
According to “TechWorld”, Vupen occupies a gray area of computer security research, selling vulnerabilities to vetted parties in governments and companies but not sharing the details with affected software vendors. The company advocates that its information helps organisations defend themselves from hackers, and in some cases, play offense as well.
Vupen has found a problem somewhere in Microsoft's new Windows 8 operating system and its Internet Explorer 10 browser. The flaw has not been publicly disclosed or fixed by the company yet.
Vupen's finding is one of the first issues for Windows 8, released last week, and Internet Explorer 10, although vulnerabilities have since been found in other third-party software that runs on the Windows 8.
Vupen's Twitter message, written on Wednesday, implies the vulnerability would allow a hacker to bypass security technologies contained within Windows 8, including high-entropy Address Space Layout Randomisation (ASLR), anti-Return Oriented Programming and DEP (data execution prevention) measures. The company also indicates it is not dependent on a problem with Adobe System's Flash multimedia program.
- 2