MWR Labs Pwn2Own 2013 Write-up

MWR Labs took part in Pwn2Own 2013, demonstrating a full sandbox escape against Google Chrome. Two exploits were used in the demonstration:

  • A type confusion in WebKit, Chrome’s rendering engine (CVE-2013-0912). We blogged about this vulnerability previously.
  • A kernel pool overflow in Win32k which allowed us to break out of the sandbox by compromising the underlying operating system (CVE-2013-1300).

This blog post discusses the details of the kernel vulnerability and the exploit built on it. The specific vulnerability was fixed by Microsoft in MS13-053.