The contest has wrapped, and we awarded $1,038,500 during the event for 58 unique 0-days. These bugs have been disclosed to the vendors, who now have 90 days to produce a patch. Congratulations to Team Viettel for winning Master of Pwn with $180,000 and 30 points. Our thanks goes out to the contestants and vendors for participating, and special thanks to Google and Synology for co-sponsoring the contest.
Welcome to the final day of Pwn2Own Toronto 2023! We’ll be updating this blog in real time as results become available. All times are Eastern (GMT -4:00).
FAILURE – Foundry Zero was unable to get their exploit of the Lexmark CX331adwe working within the time allotted.
BUG COLLISION – ANHTUD was able to execute a 2-bug chain of stack-based buffer overflows against the TP-Link Omada Gigabit Router and the Canon imageCLASS MF753Cdw for the SOHO Smashup. However, one of the bugs he used was previously known. He still earns $31,250 and 6.25 Master of Pwn points.
BUG COLLISION – Interrupt Labs was able to execute a 2-bug chain including a UAF and integer underflow against the Sonos Era 100. However, one of the bugs they used was previously known. They still earn $18,750 and 3.75 Master of Pwn points.
SUCCESS – Team Viettel was able to execute a heap-based buffer overflow and a stack-based buffer overflow against the TP-Link Omada Gigabit Router and the Canon imageCLASS MF753Cdw for the SOHO Smashup. They earn $50,000 and 10 Master of Pwn points.
Written by admin
NEWS
-
How AI Is Personalizing Customer Service Experiences Across Industries
September 7, 2024Customer service departments across industries are facing increased call volumes, high customer service agent turnover, talent shortages and shifting customer expectations. Customers expect both self-help options and real-time, person-to-person support. These expectations for seamless, personalized experiences extend across digital communication... -
ZDI-24-1195: Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability
September 6, 2024This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a... -
ZDI-24-1193: Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
September 6, 2024This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI...