CARLSBAD, Calif., October 5, 2011 – ExploitHub, the marketplace for penetration testers, is issuing a bounty for exploits developed against 12 high-value vulnerabilities (CVEs). Security researchers who submit working exploits against these CVEs can earn up to $4,400. In addition, they retain rights to sell these exploits within the marketplace and earn additional residual income.

ExploitHub is the first legitimate marketplace for validated, non-zero-day exploits for penetration testers to acquire exploits in order to perform more comprehensive testing. As a dynamic marketplace, ExploitHub’s integrated bounty system allows users to request development of an exploit against any vulnerability. Customers can incentivize exploit authors by committing to pay a fixed one-time ‘bounty’ upon delivery. Authors retain rights to the exploit for future sales and earn residual income.

ExploitHub is launching this feature and seeding the bounty system by funding pay-outs for the following ‘dirty dozen’ client-side exploits. These previously disclosed vulnerabilities were identified as affecting typical enterprise networks.

Key facts:

  • Submitted bounty candidates shall be client-side remote exploits resulting in code execution; PoC and denial of service do not count.
  • Exploits under the bounty program are not currently available in the Metasploit framework community edition or other exploit toolkits.
  • Bounty amounts vary by exploit, ranging from $100 to $500, with a current total bounty of $4,400.
  • The first participant to submit a working exploit wins. The bounty award shall be made by check within 45 days of receipt and validation.
  • Participants may not be residents of a US embargoed country.
  • Development Requests are listed here:
  • ‘Dirty Dozen’ Exploits with a Bounty:

    • CVE-2011-1256: Microsoft Internet Explorer CElement Memory Corruption: $300
    • CVE-2011-1266: Microsoft Internet Explorer VML vgx.dll Use After Free: $500
    • CVE-2011-1261: Microsoft Internet Explorer selection.empty Use After Free: $500
    • CVE-2011-1262: Microsoft Internet Explorer Redirect Memory Corruption: $300
    • CVE-2011-1963: Microsoft Internet Explorer XSLT Memory Corruption: $500
    • CVE-2011-1964: Microsoft Internet Explorer Style Object Memory Corruption: $500
    • CVE-2011-0094: Microsoft Internet Explorer CSS Use After Free Memory Corruption: $500
    • CVE-2011-0038: Microsoft Internet Explorer 8 IESHIMS.DLL Insecure Library Loading: $200
    • CVE-2011-0035: Microsoft Internet Explorer Deleted Data Source Object Memory Corruption: $300
    • CVE-2010-3346: Microsoft Internet Explorer HTML Time Element Memory Corruption: $300
    • CVE-2011-2110: Adobe Flash Player ActionScript Function Variable Arguments Information: $300
    • CVE-2011-0628: Adobe Flash Player Remote Integer Overflow Code Execution: $300

“Client-side exploits are the weapons of choice for modern attacks, including spear phishing and so-called APTs. Security professionals need to catch up,” said Rick Moy, CEO. “This program is designed to accelerate the development of testing tools, as well as help researchers do well by doing good.”

About NSS Labs, Inc.

NSS Labs, Inc. is the leading independent information security research and testing organization. Its expert analyses provide information technology professionals with the unbiased data they need to select and maintain complex security products for their organizations. Pioneering intrusion detection and prevention system testing with the publication of the first such test criteria in 1999, NSS Labs evaluates firewall, unified threat management, anti-malware, encryption, web application firewall, and other technologies on a regular basis. The firm’s real-world test methodology is the only one to assess security products against live Internet threats. NSS Labs tests are considered the most aggressive in the industry. Founded in 1991, the company has offices in Carlsbad, California and Austin, Texas. For more information, visit