Exploiting 64 Bit IE on Windows 8.1 - The Pwn2Own Case Study

Dive into the intricacies of exploiting 64-bit Internet Explorer on Windows 8.1 in this 40-minute conference talk from the 44CON Information Security Conference. Explore the challenges faced by exploit writers when targeting 64-bit IE, including the ineffectiveness of simple heap spraying techniques. Learn about the strategies employed to bypass Control Flow Guard (CFG) mitigation and the Enhanced Protected Mode (EPM) sandbox. Discover the details of two vulnerabilities used to successfully compromise 64-bit IE during Pwn2Own 2015. Examine the proof-of-concept exploit, demonstrating techniques for achieving ASLR & CFG bypass and remote code execution using a single uninitialized memory bug. Gain insights into the vulnerability exploited to bypass IE's EPM sandbox and elevate privileges.

Exploiting 64 bit IE on Windows 8 1 – The Pwn2Own Case Study Presented By Yuki Chen and Linan Hao