Best Client-Side Bug

Adobe U3D Mesh Declaration Array Overrun (CVE-2009-3953)

Flash AVM JIT compiler code execution (CVE-2010-1297)

IE Aurora vulnerability (CVE-2010-0249)

Java Trusted Method Chaining (CVE-2010-0840)

Windows EOT font parser vulnerability (CVE-2009-2514)

Windows Help Center escape sequence vulnerability (CVE-2010-1885)


Best Privilege Escalation Bug

Linux sock_sendpage NULL pointer dereference (CVE-2009-2692)

Windows NT #GP Trap Handler (CVE-2010-0232)


Best Server-Side Bug

Apache Struts2 framework remote code execution (CVE-2010-1870)

IIS FTP Server NLST buffer overflow (CVE-2009-3023)

SMB2 Negotiate Protocol Request Vulnerability (CVE-2009-3103)

Windows SMB NTLM Authentication Weak Nonce (CVE-2010-0231)

iPhone remote SMS exploit (CVE-2009-2204)


Best Song

Blackhat Life

Frame by Frame

Payment Card Security

Pwned – 1337 edition

Security Rockstar

The Game


Lamest Vendor Response

LANRev remote code execution

Novell iManager vulnerabilities

OpenCart CSRF vulnerability

SpringSource remote code execution vulnerability (CVE-2010-1622)


Most Epic Fail

Infected USB drives handed out by IBM at the AusCERT conference

McAfee false positive bricks enterprise PCs worldwide

Microsoft Internet Explorer 8 XSS filter

Netkairo – Mariposa Botnet

Unreal IRCD backdoored source tarball


Most Innovative Research

Adobe Reader’s Custom Memory Management: A Heap of Trouble

English Shellcode

Flash Pointer Inference and JIT Spraying

Practical Padding Oracle Attacks

Practical Windows XP/2003 Heap Exploitation

Zero-sized heap allocations vulnerability analysis