Poking a Hole in the Patch–Escaping from IE Sandbox with a Poorly Patched Vulnerability


James Forshaw reported a vulnerability to Microsoft regarding Windows Audio Service in November 2014. In our analysis, we discovered that the patch Microsoft release later did not completely solve the problem. With a combination of techniques, we successfully bypassed the patch and can exploit the vulnerability on patched system.
Continue reading “Poking a Hole in the Patch–Escaping from IE Sandbox with a Poorly Patched Vulnerability”