Interview with the Vista Pwn2Own contest winners

Posted by tracyanne on Apr 3, 2008 7:43 PM EDT
ZDNet; By Nathan McFeters 		Mail this story
Print this story

Nate: The flaw you discovered was in Adobe Flash, was this truly a cross-platform attack? Shane: Yeah, there’s a stack issue, where a type is accepting 3 parameters when it is defined to accept 2, possibly some polymorphism/name mangling bug, but either way, this object get’s called through the 3rd invalid/uninitialized memory that winds up jumping wherever we had pre-filled memory to. Nate: So then, do you have exploit code for all three of the operating systems, or are you certain that you could’ve written exploit code given enough time?

Now the Question I have is this: Given that the exploit bypassed Windows DEP, and Linux doesn't use DEP, how could they have gained root access in Linux, as they did in Windows Vista?

Full Story

  Nav
» Read more about: Groups: Linux; Story Type: Interview

« Return to the newswire homepage

Subject Topic Starter Replies Views Last Post
I''ve since discovered tracyanne 24 1,567 Apr 7, 2008 6:42 AM

You cannot post until you login.