Vupen selling Windows 8 zero-day bug to highest bidder

Written by Andre Yoskowitz @ 04 Nov 2012 1:05 User comments (5)

French security firm has announced they are selling a Windows 8 zero-day exploit to the highest bidder.

Vupen writes: "Our first 0day for Win8+IE10 with HiASLR/AntiROP/DEP & Prot Mode sandbox bypass (Flash not needed)."

The firm specializes in finding vulnerabilities in software, most notably from companies like Microsoft, Apple and Adobe.

However, Vupen is no saint. The company sells its research to third-parties, normally in governments and companies, without sharing the details with the affected software makers. The software makers can also purchase the research, and many do.

The new exploit is for the new Windows 8 OS, and also includes the Internet Explorer 10 browser. Vupen has not yet shared the details with Microsoft.

Our first 0day for Win8+IE10 with HiASLR/AntiROP/DEP & Prot Mode sandbox bypass (Flash not needed) is ready for customers. Welcome #Windows8
-- VUPEN Security (@VUPEN) October 30, 2012

Tags: Exploits Windows 8 vupen security firm

<Mozilla: 'Glitch' cost us millions of downloads >Sharp: We may not make it

5 user comments

15.11.2012 12:45

megadunderhead

Send private message to this user

Senior Member

ha ha ha ha ha ha ha ha ha ha ha ha ha rolmao ha ha ha ha i knew windows 8 wasn't cleared of bugs

25.11.2012 18:13

bobiroc

Send private message to this user

Senior Member

Originally posted by megadunderhead:
ha ha ha ha ha ha ha ha ha ha ha ha ha rolmao ha ha ha ha i knew windows 8 wasn't cleared of bugs

Please find an operating system or piece of software that is. There isn't one.

38.11.2012 10:49

ronatola

Send private message to this user

Junior Member

I wonder how much it would cost MS to purchase?

48.11.2012 18:37

LeeC22

Send private message to this user

Newbie

Originally posted by megadunderhead:
ha ha ha ha ha ha ha ha ha ha ha ha ha rolmao ha ha ha ha i knew windows 8 wasn't cleared of bugs

Neither is iOS... hence the latest update from Apple, that fixes numerous bugs, that installing the bug riddled iOS 6 gave you.

I'm sure the OS that you're capable of writing, won't have bugs though... probably won't be any code to have bugs in.

59.11.2012 19:49

pmshah

Send private message to this user

Member

Why not ? Someone has to pay for their time and effort. Antivirus software companies do get paid why not VUPEN?

Comments have been disabled for this article.

	YouTube Premium starts showing ads to subscribers (13 Nov 2024 3:09) For years, YouTube Premium has been marketed as a way to enjoy an ad-free YouTube experience. But apparently, that is no longer the case, as Premium subscribers are now starting to see ads on the platform.
	Android 16 will launch sooner than expected (01 Nov 2024 6:45) Google announced that upcoming Android 16 will break the traditional once-a-year cycle of major Android launches. Next Android is poised to launch in Q2 of 2025, so Android 16 should ship before end of June, 2025.
	Winamp ends its "open source" project that wasn't really open source (20 Oct 2024 11:12) Less than a month after the legendary MP3 player Winamp made its source code public, the company has made a sudden U-turn and removed its code from distribution. 2 user comments
	Winamp released its source code - but didn't go open source (25 Sep 2024 12:38) The source code of Winamp has now been officially released. However, it hasn't become a pure open-source project, as its licensing terms prohibit the creation of new, different versions.
	Does your phone rattle? Here's why it happens (25 Aug 2024 8:30) When you shake your phone and hear a light rattle, clatter, or jingle, it's likely not broken. The culprit is probably the optical image stabilization (OIS) system in your phone's camera, meaning everything is functioning as it should. 2 user comments

	What happens if you don't update Android? Sometimes it can be tempting to avoid updating to a new Android version. What happens if you decide to delay major updates to the OS?
	What IP rating for dust and water resistance means An IP classification (such as IP68) is given to mobile phones, Bluetooth speakers, and other devices, but what do these classifications mean? 1 user comment
	GUIDE: Wi-Fi speeds are slow? Here are some tips Having problems with Wi-Fi speed and stability at home? Here are some tips to follow to alleviate the issues. 1 user comment
	Guide: Is Your Wi-Fi Sluggish or Slow? Here's How to Fix Do you have problems with you Wi-Fi? Slow connection or is it cutting off constantly? This guide aims to remedy these problems. 1 user comment
	Does your phone rattle? Here's why it happens When you shake your phone and hear a light rattle, clatter, or jingle, it's likely not broken. The culprit is probably the optical image stabilization (OIS) system in your phone's camera, meaning everything is functioning as it should. 2 user comments

Vupen selling Windows 8 zero-day bug to highest bidder

5 user comments

Latest news

Reviews

Guides

News archive

Subscribe

Sections:

Follow us:

	Roborock S8 MaxV Ultra review - obstacle avoidance doesn't work as it should, otherwise almost perfect robot vacuum We put the Roborock S8 MaxV Ultra through a very, very long review process. The $1800 mopping robot vacuum is almost perfect, but its obstacle avoidance was surprisingly bad, considering the price - and compared to its competitors.
	Sharge x OnePlus Pouch review: Beautiful power bank that supports SuperVOOC charging In our review, we take a look at Sharge's power bank that supports OnePlus SuperVOOC quick charging technology as well as standard USB PD charging. It has small design flaws, but despite those, the Pouch is very nice product. 1 user comment
	Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets Roomba Combo j7+ is the very first Roomba model to combine robot vacuum with mopping features. And Roomba Combo j7+ does all that with a very clever trick, which tackles the problem with mopping and carpets. But is it any good? We found out.