This year again, we participated in Pwn2Own Vancouver.
On Wednesday, March 20th, the first day of the contest, we showcased an exploitation chain leveraging multiple vulnerabilities in Oracle VirtualBox and Microsoft Windows 11.
The first part of the exploit, abusing 2 vulnerabilities, allowed us to escape the virtual machine (VM escape) deployed through VirtualBox. Virtualization is often used as a security boundary for protecting against malware or for isolating cloud software. The main flaw is a classical buffer overflow, the first kind of memory corruption vulnerability discovered and documented in the 1990s.
Then, using a vulnerability in the Windows kernel, we were able to perform a local privilege escalation (LPE), allowing us to get full privileges on the host OS. This demonstrates the classical usage of this type of bug: a first foothold was acquired on the computer, and then the 0-day allows us to get full control as an administrator.
Thanks again to Trend Micro Zero Day Initiative for the amazing event. We are now waiting for Oracle and Microsoft patches before releasing more technical details on the vulnerabilities and exploits.