
Pwn2Own 2013: Java 7 SE Memory Corruption

May 20, 2013

Back in March, during CanSecWest, the Zero Day Initiative (ZDI) team held their annual competition called Pwn2Own. This competition pits modern software against skilled and determined attackers. A successful contestant must be able to achieve arbitrary code execution on state-of-the-art operating systems by exploiting up-to-date applications. At a minimum, a winning entry requires the use of one "0-day" vulnerability. However, due to countermeasures, some successful exploits require three or more distinct vulnerabilities. Such a requirement increases the cost for attackers significantly and makes Pwn2Own more challenging.

This year, I was fortunate enough to be among the winners of Pwn2Own. During the competition, I demonstrated an exploit that utilized two distinct memory corruption vulnerabilities in version 7 of Oracle's Java Runtime Environment (JRE). This effort was the latest product of the research I’ve conducted into exploiting memory corruption issues in Oracle's JRE for the past four years.

Now that Oracle and ZDI have both released their public advisories for these issues, we felt the time was right to publish the full details of our entry into the competition. Accuvant LABS is pleased to announce the immediate availability of the exploit code and a white paper. The white paper explains the vulnerabilities, primitives, and exploitation techniques used to win the Pwn2Own competition. Our hope is that you will find this information helpful in your future endeavors. 

Shameless plug: Check out the upcoming “Android Hacker’s Handbook”.


Pwn2Own 2013 - Java 7 SE Memory Corruption.pdf
