Researchers Bypass IE Protected Mode 91
Trailrunner7 writes "A new paper from researchers at Verizon Business identifies a method through which an attacker can bypass Internet Explorer Protected Mode and gain elevated privileges once he's successfully exploited a bug on the system. Protected Mode in Internet Explorer is one of a handful of key security mechanisms that Microsoft has added to Windows in the last few years. It is often described as a sandbox, in that it is designed to prevent exploitation of a vulnerability in the browser from leading to more persistent compromise of the underlying system. In their research, the Verizon Business team found a method that, when combined with an existing memory-corruption vulnerability in the browser, enables an attacker to bypass Protected Mode and elevate his privileges on the compromised machine (PDF). The technique enables the attacker to move from a relatively un-privileged level to one with higher privileges, giving him complete access to the logged-in user's account."
The trouble with sandboxes (Score:5, Funny)
Re:Oh great. (Score:4, Funny)
How do i know that pdf isn't maliciously crafted to infect my system. Html and css people, it's what is made for presentation of content on multiple systems.
HTML and CSS is for the "Researchers exploit PDF reader" report. :).
PDF is for the "Researchers exploit browser" report.
Re:The trouble with sandboxes (Score:4, Funny)
Question: Would that be before or after the neighborhood cats discover it?