A Tale of Two Pwnies (Part 1)

Discussion in 'other security issues & news' started by Hungry Man, May 22, 2012.

Thread Status:
Not open for further replies.
  1. Hungry Man
    http://blog.chromium.org/2012/05/tale-of-two-pwnies-part-1.html

    He had to use quite a few bugs. It's interesting to track the exploit as it jumps between the sandboxes.

     
    Last edited: May 22, 2012
  2. Noob
    I feel Wilders is getting too technical lately. HAHAHA
    Although I read the whole article, I only understood like half of it. :D
     
  3. Hungry Man
    The technical explanation was nice. Even if you don't know that kinda stuff, you can still see it was: (dumbed down)
    1) Launch Native Client plugin through a flaw in prerendering
    2) Use NaCl GPU access to exploit the GPU process
    3) Use GPU process to ROP and execute code within the GPU sandbox
    4) Move from GPU sandbox to weak renderer sandbox
    5) Move from weak renderer sandbox to extension manager
    6) Exploit a bug in extension manager to register an NPAPI extension

    and, of course, at that point they can execute code through the NPAPI.

    Quite a few bugs/exploits had to be chained together, along with making use of universal non-ASLR on Windows.
     
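Added example, not from the Chromium post or from either poster above: the "universal non-ASLR on Windows" point refers to modules linked without /DYNAMICBASE, which load at their preferred base and hand an attacker fixed ROP gadget addresses. The parser below reads the DllCharacteristics field of a PE header and reports whether IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is set, so you can check any module you are relying on. The two sample headers it checks are constructed inline for the demo and are not real modules; the field offsets come from the PE/COFF specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DllCharacteristics bits from the PE/COFF specification. */
#define IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA 0x0020
#define IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE    0x0040
#define IMAGE_DLLCHARACTERISTICS_NX_COMPAT       0x0100

/* Little-endian helpers so the parser runs on any host. */
static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(unsigned char *p, uint16_t v) { p[0] = v & 0xff; p[1] = v >> 8; }
static void wr32(unsigned char *p, uint32_t v) {
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = v >> 24;
}

/* Returns the DllCharacteristics field (0..0xffff), or -1 if img is not a
 * well-formed PE header. Only the headers are inspected, never the sections,
 * so every read is bounds-checked against len before it happens. */
int pe_dll_characteristics(const unsigned char *img, size_t len) {
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return -1;
    uint32_t pe_off = rd32(img + 0x3C);                 /* e_lfanew */
    /* Need: signature(4) + COFF header(20) + optional header through DllCharacteristics(72). */
    if (pe_off > len || len - pe_off < 4 + 20 + 72) return -1;
    if (memcmp(img + pe_off, "PE\0\0", 4) != 0) return -1;
    if (rd16(img + pe_off + 4 + 16) < 72) return -1;    /* SizeOfOptionalHeader too small */
    const unsigned char *opt = img + pe_off + 24;
    uint16_t magic = rd16(opt);
    if (magic != 0x10b && magic != 0x20b) return -1;    /* PE32 or PE32+ only */
    return rd16(opt + 70);   /* DllCharacteristics sits at +70 in both PE32 and PE32+ */
}

/* 1 if the image opted into ASLR (/DYNAMICBASE), 0 if it will load at its
 * preferred base (fixed gadget addresses), -1 if the header is malformed. */
int pe_has_aslr(const unsigned char *img, size_t len) {
    int dc = pe_dll_characteristics(img, len);
    if (dc < 0) return -1;
    return (dc & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) ? 1 : 0;
}

/* Constructed sample (not a real module): the smallest header layout the
 * parser needs, with e_lfanew = 0x40 so the optional header starts at 0x58. */
void build_min_pe(unsigned char *buf, size_t len, uint16_t magic, uint16_t dll_chars) {
    if (len < 0xA0) return;
    memset(buf, 0, len);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf + 0x3C, 0x40);
    memcpy(buf + 0x40, "PE\0\0", 4);
    wr16(buf + 0x40 + 4 + 16, magic == 0x20b ? 0xF0 : 0xE0);  /* SizeOfOptionalHeader */
    wr16(buf + 0x58, magic);
    wr16(buf + 0x58 + 70, dll_chars);
}

static unsigned char g_sample[256];

/* Build a sample header and classify it. claimed_len may understate the real
 * buffer size to exercise the truncation checks. */
int check_sample(uint16_t magic, uint16_t dll_chars, size_t claimed_len) {
    build_min_pe(g_sample, sizeof g_sample, magic, dll_chars);
    return pe_has_aslr(g_sample, claimed_len);
}

int main(void) {
    /* A module built with /DYNAMICBASE /NXCOMPAT versus one built with only /NXCOMPAT. */
    int aslr_on  = check_sample(0x10b, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT, sizeof g_sample);
    int aslr_off = check_sample(0x10b, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, sizeof g_sample);
    printf("sample with DYNAMIC_BASE: aslr=%d\n", aslr_on);
    printf("sample without DYNAMIC_BASE: aslr=%d (fixed base, predictable gadgets)\n", aslr_off);
    return 0;
}
```

To run it over a real file, read the module into a buffer and call pe_has_aslr on it; a result of 0 for any DLL loaded into a sandboxed process is exactly the kind of module an attacker would pick gadgets from.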