Congratulations! You've been nominated for a Pwnie Award.

Wed, 01 Aug 2007 08:36:05 GMT
by pdp

Ok, hmm, I've been nominated for a Pwnie Award for "Mass 0wnage". From the Pwnie Awards website, the "Mass 0wnage" Pwnie Award is "Awarded to the person who discovered the bug that resulted in the most widespread exploitation. Also known as the 'Pwnie for Breaking the Internet'."

The Nominees are:

QuickTime scripting bug used in a MySpace worm (CVE-2007-0059) Discovered by: pdp, int3l, |)ruid

The MySpace worm used a combination of a QuickTime cross-domain scripting vulnerability discovered in September 2006 by pdp and a MySpace CSS navigation replacement bug found by int3l and |)ruid. The worm was simple, but the number of affected users was very high.

ANI buffer overflow exploitable through IE and Firefox (CVE-2007-0038) Discovered by: Alexander Sotirov, anonymous rediscovery

The buffer overflow in the Windows ANI parser was discovered and reported to Microsoft in December of 2006. It was rediscovered in the wild three months later and led to massive exploitation due to the availability of highly reliable and completely silent exploits. Both Internet Explorer and Firefox were affected, although the public exploits targeted only IE.

Archived Comments

David Kierznowski
Maybe next year homie
pdp, congratulations on your nomination in the Mass 0wnage category. The winner of the Pwnie for Mass 0wnage, WMF SetAbortProc remote code execution, is also a nice vulnerability ;-).