Congratulation! You’ve been nominated for a Pwnie Award.
Ok, hmm, I’ve been nominated for a Pwnie Award for
Mass 0wnage. From the Pwnie Awards website, the
Mass 0wnage Pwnie Award is
Awarded to the person who discovered the bug that resulted in the most widespread exploitation. Also known as the
Pwnie for Breaking the Internet.
The Nominees are:
QuickTime scripting bug used in a MySpace worm (CVE-2007-0059) Discovered by: pdp, int3l, |)ruid
The MySpace worm used a combination of a QuickTime cross-domain scripting vulnerability discovered in September 2006 by pdp and a MySpace CSS navigation replacement bug found by int3l and |)ruid. The worm was simple, but the number of affected users was very high.
ANI buffer overflow exploitable through IE and Firefox (CVE-2007-0038) Discovered by: Alexander Sotirov, anonymous rediscovery
The buffer overflow in the Windows ANI parser was discovered and reported to Microsoft in December of 2006. It was rediscovered in the wild three months later and led to massive exploitation due to the availability of highly reliable and completely silent exploits. Both Internet Explorer and Firefox were affected, although the public exploits targeted only IE.