Researcher finds Microsoft Windows 7 security bug

Share this article:

A researcher has taken to Twitter to warn of a Windows vulnerability that can be exploited through Apple's Safari browser.

The hybrid flaw, which vulnerability management firm Secunia confirmed in an advisory, is caused by a weakness in the driver file of Win32, which is a core interface used by Windows to communicate with the programs that run on it.

Secunia confirmed the validity of the vulnerability, which it deemed "highly critical," on a fully patched Windows 7 Professional 64-bit machine. Earlier versions of the operating system also may be affected.

The memory-corruption bug can be exploited if users are tricked into visiting a malicious web page that contains an IFRAME "with an overly large 'height' attribute," according to the advisory, published Monday.

"Successful exploitation may allow execution of arbitrary code with kernel-mode privileges," the advisory said.

A Microsoft spokeswoman did not immediately respond to a request by SCMagazineUS.com for comment, but according to reports, the software giant is looking into the matter.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Fake Dropbox login page nabs credentials, is hosted on Dropbox

Fake Dropbox login page nabs credentials, is hosted ...

Symantec researchers received a phishing email linking recipients to a fake Dropbox login page that is hosted on Dropbox's user content domain and served over SSL.

Hacker sentenced to 30 months in prison and $300k restitution

Hacker sentenced to 30 months in prison and ...

Lamar Taylor was sentenced in New Jersey this past week for allegedly participating in a cybercrime scheme that accounted for more than $15 million.

Progress on national breach notification law may stall

A bill, which would require a national reporting standard, has failed to make it before the Senate or House this year.