Protect Your Assets
Showing results for 
Search instead for 
Do you mean 

Pwn2Own (Pwn4Fun) HP Zero Day Initiative Privilege Escalation Technique Disclosed!

StephanieWisdom ‎07-30-2014 02:59 PM - edited ‎06-09-2015 10:37 AM

Today the HP Zero Day Initiative (ZDI) disclosed information on a privilege escalation technique in Microsoft Internet Explorer (ZDI-14-270). This technique was discovered earlier this year and demonstrated at the 2014 Pwn4Fun charity competition held by ZDI. HP TippingPoint Intrusion Prevention System (IPS) customers – as of 04/08/2014 – have exclusive coverage in the form of filter 13787, or 113 days prior to disclosure. This vulnerability may be chained with others to allow for privilege escalation to medium integrity in Microsoft Internet Explorer. The vulnerability is in the browser’s failure to maintain integrity checks on browser processes when proxied through localhost. 

 

See further details of the vulnerability here. Due to the nature of this vulnerability, Microsoft has stated they will not be providing a patch.

 

By Cory Ford

HP TippingPoint Digital Vaccine Team

0
About the Author

StephanieWisdom

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Events
February 2016
Online
Software Expert Days - 2016
Join us online to talk directly with our Software experts during the online Expert Days - see details below. Software experts do not monitor this foru...
Read more
Ongoing
See board event postings
Vivit Events - 2016
Learn about upcoming Vivit webinars and live events in 2016.
Read more
View all