Internet Explorer 6 Hack Busts IE9 At Pwn2Own

We know Chrome saw the pointy end of the hacking stick (they have those) just days ago at this year's Pwn2Own conference, but it's not the only browser at the event to have its insides spooned out, zero-day style. Not one, but two exploits engineered by French security company VUPEN allowed it to execute code outside of the browser's sandboxed interior. The sad thing is, these flaws date back to Microsoft's geriatric Internet Explorer 6.

Speaking to ZDNet, Chaouki Bekrar, VUPEN's co-founder, told the site that the techniques went "all the way back to IE 6. It will work on IE 6 all the way to IE 10 on Windows 8." To be fair, Bekrar later mentions that Internet Explorer 10 is much improved security-wise over its predecessors. However, "many vulnerabilities in [IE's] Protected Mode" based on corrupting memory exist and remain unpatched.

If you're reading this while (somehow) hugging your install of Firefox, well, I wouldn't be so quick to kiss it square on the mouth. Bekrar had no qualms revealing that VUPEN has plenty of hacks for "every browser on every operating system". Not that anyone is naive enough to believe any browser is 100 per cent secure.

I can't say I know anyone who jumps between browsers based solely on how secure they are, but let us know if you cycle between them regularly.

[ZDNet]


Comments

    I don't expect that any browser could be 100 percent secure, however, I DO expect that exploits get fixed when found...

    "Not that anyone is naive enough to believe any browser is 100 per cent secure." No, some people are, like Firefox users. In the PC world, they are like Macs.

      Hey Michael, congratulations on using "copy" and "paste". Now try and construct your own sentences that make ANY sort of sense.

    Obviously Chrome got breached at Pwn2Own this year but the speed at which Google updates Chrome and their bounty program gives me a lot of confidence in it as a browser (it's not 100% secure but I'm not expecting anything to be). I'm still amazed in this day and age that IE maintains anything like the usage numbers it does.

      Yeah, I was very happy when I heard about Google's bounty on exploits. Ensures that they get found for all the right reasons :)

    People still use IE? Why? Are there still IT departments that incompetent?

      Do you work in one of those companies that says 'screw the supported browser list for that application, we will do what we want'... seriously, your comment is very narrow minded. Do you ever consider that some applications rely not only on particular browsers, but particular versions of browsers? Have you considered the cost of rewriting applications, or replacing and migrating tens of thousands of users off applications due to browser support issues? Have you considered what browsers can be managed centrally across hundreds of locations, even continents? Or are you basing your comments on your one PC at home which you have complete control of?

      I love it when people come out and say their generalized pieces of garbage when the only network they look after is some 5-10 user system out in the suburbs. Come back to us when you look after something sizable like a 10,000 userbase network.

      +1 to dave's comment.

      IE is still recognised as the most compatible browser and the most well-supported in most aspects.

      What you regard as "bad" about IE probably hasn't applied since IE6.

      In web development you have to consider all the stupid people who don't use Chrome or Firefox; you have to cater to all the platforms.

      We need IE on all 20 of our computers, as some of the websites we require access to are IE only... You try teaching some of our staff how to use 2 different browsers, and when to use which.... It's all good and well for people like you who just like to troll the web independently.
