The attack also bypassed DEP (data execution prevention) and ASLR (address space layout randomization), two protection mechanisms built into Windows 7.
Fewer won a $15,000 cash prize and a new Windows laptop.
In addition, researchers from French pen-testing company VUPEN were also on hand with a fully tested exploit for IE8.
VUPEN's researchers also successfully exploited a zero-day flaw in Apple?s Safari browser. By attacking a MacBook, the researchers visited a rigged website and successfully launched a calculator on the compromised machine. The exploit bypassed ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention), two anti-exploit mitigations built into Mac OS X. The hijacked machine was running a fully patched version of Mac OS X (64-bit).
VUPEN won a $15,000 cash prize and an Apple MacBook Air 13" running Mac OS X Snow Leopard.
On the other hand, none tried to break into Google's Chrome browser. Google offered a $20,000 prize for any successful exploit.