Security bug in Windows 7 detected

News by Dan Kaplan

A researcher has posted on Twitter about a Windows vulnerability that can be exploited through Apple's Safari browser.

A researcher has posted on Twitter about a Windows vulnerability that can be exploited through Apple's Safari browser.

According to ‘webDEViL', "<iframe height='18082563'></iframe>" causes a blue screen of death on Windows 7 x64 via Safari. Asked how he had discovered this flaw, he replied: "Persistence. Perseverance."

According to H security, the source of the vulnerability is the function NtGdiDrawStream, and Heise Security has been able to reproduce the problem; the 32-bit version is not affected.

This was confirmed by vulnerability management firm Secunia in an advisory. It said that this is caused by a weakness in the driver file of Win32 and can be exploited to corrupt memory via a specially crafted web page, containing an IFRAME with an overly large ‘height' attribute, when viewed using the Apple Safari browser.

“Successful exploitation may allow execution of arbitrary code with kernel-mode privileges. The vulnerability is confirmed on a fully patched Windows 7 Professional 64-bit. Other versions may also be affected,” said Secunia.

A Microsoft spokeswoman did not immediately respond to a request by for comment, but according to reports, the software giant is looking into the matter.

Talking to SC Magazine, webDEViL said he has not contacted Microsoft as "they take too much time to patch and we get too little credit".

Asked if he was aware of this flaw affecting other browsers, he said: “This is not really a browser flaw. It affects Win 7 kernel and one possible way of triggering this is using Safari.”

Finally, he was asked if he was aware if this vulnerability has a wider scope other than the blue screen of death; he said he was not, but it was possible. “If someone [were] to develop a working exploit, this would execute stuff with kernel privileges bypassing a lot of restrictions,” he said.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews