New Remotely Exploitable Vulnerability Found in 64-bit Win7
An independent researcher has discovered a remotely exploitable vulnerability in Windows 7 that's linked to Apple's Safari browser.
Threat Post, a Kaspersky Lab security news service, reports that researchers are now warning about a new remotely exploitable vulnerability discovered in the 64-bit version of Windows 7. This vulnerability can be used by an attacker to run arbitrary code with kernel-mode privileges on a vulnerable machine.
The problem was first reported days ago by an independent researcher via Twitter, and has since been confirmed by Secunia. The researcher claimed to have discovered a method for exploiting the vulnerability by simply feeding an iframe with an overly large height to Safari.
"A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system," reads the Secunia warning. "The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large "height" attribute viewed using the Apple Safari browser."
"The vulnerability is confirmed on a fully patched Windows 7 Professional 64-bit," the warning adds. "Other versions may also be affected."
After the exploit was reported, Microsoft didn't confirm the problem, but merely stated that it was investigating the evidence. "We are currently examining the issue and will take appropriate action to help ensure the customers are protected," said Jerry Bryant, group manager of response communications in Microsoft's Trustworthy Computing Group.
As indicated, the only known attack vector for this specific vulnerability is Apple's Safari browser running on Windows 7. As of November 2011, Safari commanded only 5.92 percent of the browser market, so the problem does not appear likely to be widespread. So far there's no indication that the three most popular browsers -- Internet Explorer (40.63 percent), Chrome (25.69 percent) and Firefox (25.23 percent) -- share a similar vulnerability when used on Windows 7.





Question is, who uses Safari on a Windows machine? Firefox/Chrome have the hearts of most people, IE & Opera bringing up the rear.