Just thought this was worth posting here, as IE8 is very highly regarded for its security. It was successfully exploited, bypassing both ASLR & DEP at the Pwn2Own contest.
There has been a couple of successful attacks against these protections in the past year but considering how robust they have been, this is quite significant IMO. Will no doubt have some more holes punched in it shortly with better standardized exploitation techniques/research appearing.
Exploit paper detailing techniques is here for anyone interested, very interesting bypass of DEP, http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf
Been a bad week for browsers across the board
There has been a couple of successful attacks against these protections in the past year but considering how robust they have been, this is quite significant IMO. Will no doubt have some more holes punched in it shortly with better standardized exploitation techniques/research appearing.
Exploit paper detailing techniques is here for anyone interested, very interesting bypass of DEP, http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf
Been a bad week for browsers across the board