The 2008 Pwnie Winner For Best Server-Side Bug

Windows IGMP kernel vulnerability (CVE-2007-0069)

Discovered by: Alex Wheeler and Ryan Smith

Not only did Alex Wheeler and Ryan Smith lay claim to a lucky CVE number, they also laid down the law with a remote kernel code execution vulnerability that was exploitable in the default firewall configuration on Windows XP, 2003 and Vista. Despite the SWI team’s claim that its exploitation is “unlikely in real-world conditions”, Kostya Kortchinsky was able to develop a highly reliable exploit for this vulnerability.