2009 Pwnie Award Nominees

Best Client-Side Bug

Java Calendar Object Deserialization Sandbox Privilege Escalation (CVE-2008-5353)

LittleCMS (CVE-2009-0733)

msvidctl.dll MPEG2TuneRequest Stack buffer overflow (CVE-2008-0015)

Best Privilege Escalation Bug

Linux udev Netlink Message Privilege Escalation (CVE-2009-1185)

VMware Display Function Host Code Execution from Guest (CVE-2009-1244)

Best Server-Side Bug

Linux SCTP FWD Chunk Memory Corruption (CVE-2009-0065)

Microsoft IIS 6.0 WebDAV Remote Authentication Bypass (CVE-2009-1535)

djbdns Cache-Poisoning Vulnerability (CVE-2009-0858)

Best Song

50 Ways to Inject Your SQL

I Break Stuff

Nice Report

Epic 0wnage

Red Hat Networks Backdoored OpenSSH Packages (CVE-2008-4250)

Lamest Vendor Response

Adobe

Linux

Microsoft

Lifetime Achievement Award

Dark Tangent

Fravia+

Solar Designer

Mass 0wnage

Green Dam Youth Escort Long URL Stack Buffer Overflow

Microsoft Windows MS08-067 Server Service Worms (CVE-2008-4250)

Most Epic Fail

Linux default kernel security

StrongWebmail CEO’s mail hacked via XSS

Twitter Gets Hacked and the “Cloud Crisis”

Most Innovative Research

From 0 to 0day on Symbian

Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs

MD5 considered harmful today

Most Over-Hyped Bug

Clickjacking (CVE-2008-4503)

MS08-067 Server Service NetpwPathCanonicalize() Stack Overflow (CVE-2008-4250)

Unspecified OpenSSH 0day