{
	"id": "48f88d92-23f7-4905-be8b-4f38cbbf9139",
	"created_at": "2026-04-06T00:11:54.185263Z",
	"updated_at": "2026-04-10T13:11:53.473369Z",
	"deleted_at": null,
	"sha1_hash": "005427d0d91bae233950181e86b3b9ac40196bc6",
	"title": "Virtual machine escape fetches $105,000 at Pwn2Own hacking contest [updated]",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 35355,
	"plain_text": "Virtual machine escape fetches $105,000 at Pwn2Own hacking\r\ncontest [updated]\r\nBy Dan Goodin\r\nPublished: 2017-03-17 · Archived: 2026-04-05 21:15:32 UTC\r\nContestants at this year’s Pwn2Own hacking competition in Vancouver just pulled off an unusually impressive\r\nfeat: they compromised Microsoft’s heavily fortified Edge browser in a way that escapes a VMware Workstation\r\nvirtual machine it runs in. The hack fetched a prize of $105,000, the highest awarded so far over the past three\r\ndays.\r\nAccording to a Friday morning tweet from the contest’s organizers, members of Qihoo 360’s security team carried\r\nout the hack by exploiting a heap overflow bug in Edge, a type confusion flaw in the Windows kernel and an\r\nuninitialized buffer vulnerability in VMware, contest organizers reported Friday morning on Twitter. The result\r\nwas a “complete virtual machine escape.”\r\n“We used a JavaScript engine bug within Microsoft Edge to achieve the code execution inside the Edge sandbox,\r\nand we used a Windows 10 kernel bug to escape from it and fully compromise the guest machine,” Qihoo 360\r\nExecutive Director Zheng Zheng wrote in an e-mail. “Then we exploited a hardware simulation bug within\r\nVMware to escape from the guest operating system to the host one. All started from and only by a controlled a\r\nwebsite.”\r\nVirtual machines are vital to the security of individuals and large organizations everywhere. In server hosting\r\nenvironments, they’re used as a container that prevents one customer’s data and operating system from being\r\naccessed by other customers sharing the same physical server. Virtual machines such as the VMware Workstation\r\nhacked Friday are also used on desktop computers to isolate untrusted content. Should the guest operating system\r\nbe compromised through a drive-by browsing exploit or similar attack, the hackers still don’t get access to data or\r\noperating system resources on the host machine.\r\nAny hack that can break out of a widely used virtual machine is generally considered significant. The one\r\ndescribed Friday is made all the more impressive because it works by exploiting Edge, which is regarded among\r\nsecurity professionals as one of most challenging browsers to exploit. Typically, such remote-code exploits require\r\ntwo or more vulnerabilities to be exploited in unison. The requirement appears to be why the Qihoo team\r\ncombined the heap overflow exploit with the Windows kernel hack. The description sets up a scenario in which\r\nmalicious websites can not only compromise a visitor’s virtual machine, but also the much more valuable host\r\nmachine the VM runs on. At last year’s Pwn2Own, contestants didn’t attempt to target VMWare, an indication\r\nreliable exploits were probably worth more than the $75,000 prize that was offered at the time.\r\nSource: https://arstechnica.com/information-technology/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2o\r\nwn/\r\nhttps://arstechnica.com/information-technology/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://arstechnica.com/information-technology/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/"
	],
	"report_names": [
		"hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own"
	],
	"threat_actors": [],
	"ts_created_at": 1775434314,
	"ts_updated_at": 1775826713,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/005427d0d91bae233950181e86b3b9ac40196bc6.pdf",
		"text": "https://archive.orkl.eu/005427d0d91bae233950181e86b3b9ac40196bc6.txt",
		"img": "https://archive.orkl.eu/005427d0d91bae233950181e86b3b9ac40196bc6.jpg"
	}
}