Best Client-Side Bug

ANI buffer overflow (CVE-2007-0038)

QuickTime Java extensions vulnerability (CVE-2007-2175)

RSA signature forgery for a public exponent of 3 (CVE-2006-4339)

Unhandled exception filter chaining vulnerability (CVE-2006-3648)


Best Server-Side Bug

Microsoft DNS Server RPC interface buffer overflow (CVE-2007-1748)

Sendmail signal handler race condition (CVE-2006-0058)

Solaris in.telnetd remote root exploit (CVE-2007-0882)


Best Song

Let’s talk about Sec

Set I.T. Managers Free

Symantec Revolution

Trade Secrets


Lamest Vendor Response

BMC Performance Manager SNMP Command Execution (CVE-2007-1972)

Detection bypass in Norman Antivirus (CVE-2007-3952)

EnCase vulnerabilities reported by iSEC

OpenBSD IPv6 mbuf kernel buffer overflow (CVE-2007-1365)


Mass 0wnage

ANI buffer overflow exploitable through IE and Firefox (CVE-2007-0038)

QuickTime scripting bug used in a MySpace worm (CVE-2007-0059)

WMF SetAbortProc remote code execution (CVE-2005-4560)


Most Innovative Research

Attacks on Uninitialized Local Variables

Automated vulnerability auditing in machine code

Exploiting Embedded Systems at CanSecWest 2007

Heap Feng Shui in JavaScript

Temporal Return Addresses


Most Over-Hyped Bug

BluePill

MacBook Wi-Fi Vulnerabilities

www.exploitingiphone.com