Vupen claims 'remote code execution' on Windows 8

Vupen, a security company in the business of selling zero-day vulnerabilities, said Friday that it has found a way to bypass security mechanisms on Windows 8 and execute code via a Web page.
Vupen Chief Executive Chaouki Bekrar said in an email that the company's researchers had found "multiple vulnerabilities" in Windows 8 and Internet Explorer 10, the latest version of Microsoft's operating system and Web browser.
"We have researched and discovered multiple vulnerabilities in Windows 8 and Internet Explorer 10 that we have combined together to achieve a full remote code execution via a Web page which bypasses the new exploit-mitigation technologies included in Win8," he said.
Microsoft declined comment on Bekrar's email, saying that it had not received any details of the flaws. "We continue to encourage researchers to participate in Microsoft's Coordinated Vulnerability Disclosure program to help ensure our customers' protection," Dave Forstrom, director of Microsoft Trustworthy Computing, said in a statement.
Wolfgang Kandek, chief technology officer of Qualys, said the fact that Vupen had to chain vulnerabilities was an indication of how well Microsoft has bolstered security in Windows 8. To exploit such a collection of bugs would take considerable skill.

by Antone Gonsalves
Source :  http://www.itnews.com/access-control-and-authentication/50915/vupen-claims-remote-code-execution-windows-8