Results 1 to 2 of 2

Thread: New Exploits Break Out of IE8 Sandbox

  1. #1
    Join Date
    Apr 2003
    Posts
    13,269
    Rep Power
    34

    Default New Exploits Break Out of IE8 Sandbox

    Escaping the Internet Explorer 8 sandbox appears to be the latest and greatest in Windows exploit development.

    In this QuickTime movie (.MOV file inside a .ZIP), Alex McGeorge of Immunity Inc. uses their CANVAS exploit testing software to demonstrate a new exploit from the White Phosphorus exploit pack. The new exploit breaks out of the IE8 sandbox, allowing shell code running in the context of the LocalSystem account.

    As McGeorge says in the demo, the IE8 sandbox has proven to be "quite formidable." It runs browsing sessions in low-integrity processes with very limited rights. There are a lot of exploits that run in the IE8 sandbox, but they can't do anything to make the exploit worthwhile.

    At last week's PWN2OWN contest at the CanSecWest conference researcher Stephen Fewer broke out of the IE8 sandbox with a 0-day bug, apparently in IE8 itself. Fewer agrees that IE8 is a tough target and that sandboxes make exploitation much harder:

    Read more: http://blogs.pcmag.com/securitywatch...ut_of_sand.php
    "The best software is the one that fits your needs." - A_A

    Virus free since: date unknown
    Anti-virus free since: August 2008

  2. #2
    Join Date
    Oct 2010
    Posts
    8
    Rep Power
    0

    Default

    Google Chrome has the best sandbox

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •