HTML Tag Can Cause Windows 7 x64 Blue Screen of Death

Wednesday, December 21, 2011

Secunia has released a security advisory warning that a specially crafted webpage can cause a fully patched Windows 7 x64 system to crash.

At this point the page only makes Windows 7 show the dreaded “Blue Screen of Death”, but the bug could be used maliciously to create a zero-day exploit:

“The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large “height” attribute viewed using the Apple Safari browser. Successful exploitation may allow execution of arbitrary code with kernel-mode privileges,” Secunia advises.

See YouTube video here:  http://www.youtube.com/watch?v=u-62ZqrhD2k&feature=player_embedded

Hackers look for bugs like this to create exploits that will drop them into the system remotely with administrator or even system-level privileges.

The attack works only against the 64-bit version of Windows 7; the 32-bit version seems unaffected. However, the warning does state that the bug may be present in other versions of Windows.

This is concerning as Windows Server 2008 shares a lot of code with Windows 7, which leaves the question open as to whether or not it is also affected. As of yet, there is no patch available to fix this issue.
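With no patch available, a web proxy or mail gateway can at least flag markup that carries the trigger the advisory describes. The scanner below is an added example, not code from Secunia or the original post; the advisory gives no figure for "overly large", so the `MAX_SANE_PX` limit, the function names and the sample markup are assumptions made here.

```python
import re
from html.parser import HTMLParser

# Assumption: policy limit chosen for this example, far above any real layout.
MAX_SANE_PX = 100_000

# Plain pixel lengths only: "600", "600px", "600.5". Percentages do not match.
_PIXELS = re.compile(r"^\s*\+?(\d+)(?:\.\d+)?\s*(?:px)?\s*$", re.IGNORECASE)


class IframeHeightScanner(HTMLParser):
    """Records <iframe> tags whose height attribute exceeds the limit."""

    def __init__(self, limit=MAX_SANE_PX):
        super().__init__()
        self.limit = limit
        self.findings = []  # list of (line number, raw attribute value)

    def handle_starttag(self, tag, attrs):
        # html.parser lowercases tag and attribute names and decodes
        # character references in values, so "&#57;" is compared as "9".
        if tag != "iframe":
            return
        for name, value in attrs:
            if name == "height" and value is not None:
                match = _PIXELS.match(value)
                if match and int(match.group(1)) > self.limit:
                    self.findings.append((self.getpos()[0], value))


def scan_html(markup, limit=MAX_SANE_PX):
    """Return [(line, value), ...] for every oversized iframe height."""
    scanner = IframeHeightScanner(limit)
    scanner.feed(markup)
    scanner.close()
    return scanner.findings


# Constructed sample input, not taken from the advisory.
SAMPLE = """<html><body>
<iframe src="a.html" height="600" width="100%"></iframe>
<IFRAME HEIGHT='50000000'></IFRAME>
<iframe height="&#57;&#57;&#57;&#57;&#57;&#57;&#57;px" src="b.html">
</body></html>"""

if __name__ == "__main__":
    for line, raw in scan_html(SAMPLE):
        print(f"line {line}: iframe height={raw!r} exceeds {MAX_SANE_PX}px")
```

The check covers only the `height` attribute named in the advisory; heights set through CSS or script are outside what it inspects.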

Source:  http://cyberarms.wordpress.com/2011/12/21/html-tag-can-cause-windows-7-x64-to-blue-screen-of-death/
