VeriSign’s security company iDefence is offering rewards of $8000 – $12000 for the exposure of remotely exploitable vulnerabilities in Microsofts Windows Vista and Internet Explorer 7.  This Quarter 1 challenge offers $8000 to any vulnerability submitted which can allow execution of arbitrary code via remote exploitation, $4000 is offered for working exploit code to accompany the submitted security flaws.

Vulnerability Challenge Ground Rules:

  • The vulnerability must be remotely exploitable and must allow arbitrary code execution in a default installation of one of the technologies listed above
  • The vulnerability must exist in the latest version of the affected technology with all available patches/upgrades applied
  • ‘RC’ (Release candidate), ‘Beta’, ‘Technology Preview’ and similar versions of the listed technologies are not included in this challenge
  • The vulnerability must be original and not previously disclosed either publicly or to the vendor by another party
  • The vulnerability cannot be caused by or require any additional third party software installed on the target system
  • The vulnerability must not require additional social engineering beyond browsing a malicious site

For full details visit the lab at iDefence.