|
Título: Google Chrome 0 Day Publicado por: NachoEx en 14 Mayo 2011, 15:53 pm Esto es lo que decia char en otro foro.Lo cito:
Citar VUPEN ha publicado un video donde muestra un sofisticado exploit o-day para ejecutar código arbitrario en Google Chrome, evitando su Sandbox, ASLR y DEP y sin explotar ninguna vulnerabilidad en el núcleo de Windows, es silenciosa y funciona en todos los sistemas Windows de 32 y 64 bits. http://www.youtube.com/watch?v=c8cQ0yU89sk&feature=player_embedded (http://www.youtube.com/watch?v=c8cQ0yU89sk&feature=player_embedded) Este vídeo no está clasificado. Solo pueden verlo los usuarios que conozcan el enlace correspondiente. Para mas informacion : http://www.vupen.com/demos/ (http://www.vupen.com/demos/) Esto es lo que dice en su web. Citar Hi everyone, We are (un)happy to announce that we have officially Pwned Google Chrome and its sandbox. The exploit shown in this video is one of the most sophisticated codes we have seen and created so far as it bypasses all security features including ASLR/DEP/Sandbox (and without exploiting a Windows kernel vulnerability), it is silent (no crash after executing the payload), it relies on undisclosed (0day) vulnerabilities discovered by VUPEN and it works on all Windows systems (32-bit and x64). The video shows the exploit in action with a default installation of Google Chrome v11.0.696.65 on Microsoft Windows 7 SP1 (x64). The user is tricked into visiting a specially crafted web page hosting the exploit which will execute various payloads to ultimately download the Calculator from a remote location and launch it outside the sandbox (at Medium integrity level). Título: Re: Google Chrome 0 Day Publicado por: Neomind en 7 Junio 2011, 02:37 am Yo sé de alguien que se va a llevar el premio este año :D
|