Slashdot Mirror


New Remote Flaw In 64-Bit Windows 7

Trailrunner7 writes "Researchers are warning about a new remotely exploitable vulnerability in 64-bit Windows 7 that can be used by an attacker to run arbitrary code on a vulnerable machine. The bug was first reported a couple of days ago by an independent researcher and confirmed by Secunia. In a message on Twitter, a researcher named w3bd3vil said that he had found a method for exploiting the vulnerability by simply feeding an iframe with an overly large height to Safari. The exploit gives the attacker the ability to run arbitrary code on the victim's machine."

8 of 284 comments

  1. Headline.. Flaw in APPLE Safari for windows found by SirBitBucket · · Score: 4, Insightful

    So far you must use Safari under Win7 64bit to exploit this. But we would never want to say anything bad about Apple, only about Microsoft...

  2. Re:So all 5 of you running Safari on Windows by lgw · · Score: 4, Insightful

    So, wait, is this a Win7 exploit or a Safari exploit?

    --
    Socialism: a lie told by totalitarians and believed by fools.

  3. Re:So all 5 of you running Safari on Windows by SirBitBucket · · Score: 5, Insightful

    Sounds like it is an exploit of an issue with a Windows component, but it is currently only known to be exploitable through Safari. Kind of like you could hotwire a car (Windows) if you happen to have replaced your windows with Saran wrap (Safari), and can get right through them.

  4. Re:So all 5 of you running Safari on Windows by jedidiah · · Score: 4, Insightful

    It shouldn't matter.

    The OS simply should not melt because Apple can't code its way out of a wet paper bag.

    A real OS should simply not fall apart just because the users or programmers are idiots or malicious.

    --
    A Pirate and a Puritan look the same on a balance sheet.

  5. Re:So all 5 of you running Safari on Windows by MikeyO · · Score: 5, Insightful

    Perhaps both, definitely a bug in Win7. If something the unprivileged Safari process does crashes the kernel, we know there must be a bug in Win7.

  6. I don't think I'd call this remote by sqlrob · · Score: 4, Insightful

    Remote to me means "it's connected, you're vulnerable". This requires the user to take an action, getting some local data. From the description, you could have the same files on the file system and it would work.

    Bad? Yeah. But not "plug it in, computer is pwned" bad.

  7. Re:Silly by ledow · · Score: 4, Insightful

    Missing the point. Point is that userland code (and the example uses Safari but what should it matter *what* program activates it - it shouldn't be possible and can probably be easily activated by any sort of direct code) creates a BSOD in Windows.

    That shouldn't happen - that's the whole point of an OS.

  8. Re:So all 5 of you running Safari on Windows by Guy+Harris · · Score: 5, Insightful

    The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large "height" attribute viewed using the Apple Safari browser.

    So, they blame win32k.sys - but apparently the actual bug is that you can cause something resembling a buffer overflow by feeding Safari a ridiculously large bit of data as an iFrame.

    Could go either way.

    Should go both ways.

    Apple should fix the Safari bug so it doesn't mishandle IFRAMEs with "overly large" "height" attributes.

    Microsoft should fix the in-kernel graphics code so you can't use it to break into the system.