A simple HTML tag will crash 64-bit Windows 7 0-day leaves kernel in the wrong iframe of mind Microsoft is currently investigating reports of a zero-day vulnerability in Windows 7 64-bit that leads to crashes and could allow attackers to execute arbitrary code on affected systems.
The security flaw can be exploited by opening a Web page containing a specially-crafted iframe using Apple's Safari browser.
Twitter user WebDEViL reported that the flaw can crash a system, triggering the "blue screen of death".
Security researchers from
Secunia believe that the crash could also be leveraged to execute malicious code.
"Based on our testing the impact could be more severe due to the type of crash and nature of the vulnerability i.e. crashing when attempting to write to invalid memory in a call to memmove()," said Secunia's chief security specialist Carsten Eiram. "Based on this we do consider remote code execution a possibility though it has not been proven at this time."
The security flaw stems from an error in the win32k.sys kernel-mode driver, a common source for critical Windows vulnerabilities.
The exploit has so far only been confirmed on Windows 7 64-bit when parsing an iframe with an overly-long height attribute in Safari.
However, researchers don't exclude the possibility that other versions of Windows can be affected through different attack vectors. "Other 64-bit versions could be affected," Eiram said.
"During testing we observed no crashes on Windows XP SP3 32-bit nor Windows 7 32-bit, but cannot completely rule out that these could be affected via different approaches." he added.
Microsoft is aware of the reports, but hasn't published an advisory yet. "We are currently examining the issue and will take appropriate action to help ensure customers are protected," said Jerry Bryant, manager of response communications with Microsoft's Trustworthy Computing Group.
An unpatched critical flaw in 64-bit Windows 7 leaves computers vulnerable to a full 'blue screen of death' system crash.
The memory corruption bug in x64 Win 7 could also allow malicious kernel-level code to be injected into machines, security alert biz Secunia warns. Fortunately the 32-bit version of Windows 7 is immune to the flaw, which has been pinned down to the win32k.sys operating system file - which contains the kernel portion of the Windows user interface and related infrastructure.
Proof-of-concept code showing how to crash vulnerable Win 7 boxes has been leaked: the simple HTML script, when opened in Apple's Safari web browser, quickly leads to the kernel triggering a page fault in an unmapped area of memory, which halts the machine at a blue screen of death.
The offending script is just an IFRAME tag with an overly large height attribute. Although Safari is required to spark the system crash via HTML, modern operating systems should not allow usermode applications to bring down the machine. Microsoft is now investigating the vulnerability, which was first reported by Twitter user WebDEVil, although the software giant is racing against hackers tracing the code execution path to discover the underlying vulnerability in Windows 7.
