Digging for IE11 Sandbox Escapes

by James Forshaw
Sept. 19, 2017 0 comments www.blackhat.com belen_caty Pen Testing & Audits ie11 sandbox vista

This workshop will contain a deep-dive into the 4 sandbox escapes I discovered during the 30-day bug bounty period, some which have been present since Vista and IE7. I'll run through the process I undertook to find these vulnerabilities, giving time to go in-depth on how to investigate the IE11 sandbox, run your own code and analyze the attack surface. Sample source code for all issues will be provided for use to allow you to test the issues out yourself.