Hacker Finds Vulnerability, Exploitable on Windows 7 Running Safari

A hacker going by the name w3bd3vil recently tweeted that there was a security flaw within Windows 7 version 64-bit, which attackers could exploit via Safari the widely-used Web-browser of Apple, published softpedia.com dated December 21, 2011.

The tweet was that <iframe height='18082563'></iframe> was responsible for a Blue Screen of Death (BSoD) against Win 7 x64 through Safari.

In a subsequent message, also on Twitter, the hacker gives more descriptions, mentioning that the multiple times summoned NtGdiDrawStream is resulting in a crash that isn't much exciting.

Investigators from Secunia validate that the hacker's discovery is accurate, notifying that any attacker can use the flaw for compromising a computer.

Basically, Secunia's report states that the security flaw happens because of an error within win32k.sys as well as is exploitable for distorting memory through, say, one maliciously created website that has an iFrame, which contains one unexceptionally huge 'height' factor seen inside Apple's Safari Web-browser. Further, incase of the flaw's exploitation turning successful there maybe arbitrary code execution using kernel-mode privileges, the report adds. Softpedia.com published this.

Meanwhile, Microsoft hasn't validated the flaw, while the question remains regarding the time and the possibility of the software giant towards rectifying it following its detection.

Group Manager Jerry Bryant of Response Communications within the Trustworthy Computing Group of Microsoft, while remarking about the problem, stated that the team of experts was presently analyzing the problem as also would act appropriately for making sure the customers were safeguarded. Threatpost.com reported this on December 20, 2011.

Understandably, it's the use of Safari by a Windows 7 operator that's the medium of assault only known where the flaw can be presently exploited, with the combination as rather unusual. Meanwhile, based on the type of metrics used, the market share of Safari stands between 9% and 11%. And though one mayn't be able to exactly tell the number of those Safari consumers who're operating Windows, it is possible that most have Mac OS X running.

Yet, there's a probability that other forms of Web-browsers maybe utilized as mediums of assault to exploit the said flaw with additional information becoming obtainable.

Related article: Hacker & Virus in MySpace

» SPAMfighter News - 12/30/2011