When the Sand is Leaking: How I Found Five IE Sandbox Escapes in Two Weeks

Citing possible legal ramifications surrounding this presentation, Sunghun Kim has decided to cancel his talk.

All modern operating systems and applications have sandbox mechanisms to protect the system from attackers. In the case of Windows Internet Explorer (IE), a Tab process runs at a Low Integrity Level by default. Thus a sandbox escape must be achieved at some point to compromise a Windows system via IE in Protected or Enhanced Protected Mode.

In this talk, I present the short story of finding 5 IE sandbox escape vulnerabilities in two weeks. This talk describes the process I used to achieve sandbox escape to execute code at a Medium Integrity Level via logic bugs. The vulnerabilities I found in this research are applicable to most IE versions (IE 8~11 with both x86 and x64 versions) and each vulnerability can be triggered by just ONE line of code. At the end of the talk, five IE sandbox escape techniques will be demonstrated.

Location: Track 2 Date: October 16, 2014 Time: - Sunghun ‘trimo’ Kim