Friday, 30 December 2011

Discovered vulnerability in the version of Windows 7 x64

According to Twitter, which was published by 'webDEViL', Windows 7 contains a serious vulnerability that could be used by Apple's Safari web browser.

Namely, 'webDEViL' claims to show specific HTML elements placed within the web page causes Safari browser bug known as "BSoD" (Blue Screen of Death) in Windows 7 x64 operating system.

He then states that the source of vulnerability in the features NtGdiDrawStream and that subsequent tests showed that 32-bit version is not affected by vulnerability. This vulnerability is confirmed in well-known company Secunia issued its safety recommendation.

The recommendation is that the vulnerability was caused by an error in win32k.sys file and may be used to breach the integrity of working memory using a specially formatted web page that contains IFRAME with attribute set too high 'height'. Successful abuse of vulnerability may allow execution of arbitrary code with kernel privileges.

No comments:

Post a Comment