Researcher finds Microsoft Windows 7 security bug
A researcher has taken to Twitter to warn of a Windows vulnerability that can be exploited through Apple's Safari browser.
The hybrid flaw, which vulnerability management firm Secunia confirmed in an advisory, is caused by a weakness in the driver file of Win32, a core interface that Windows uses to communicate with the programs running on it.
Secunia confirmed the validity of the vulnerability, which it deemed "highly critical," on a fully patched Windows 7 Professional 64-bit machine. Earlier versions of the operating system also may be affected.
The memory-corruption bug can be exploited if users are tricked into visiting a malicious web page that contains an IFRAME "with an overly large 'height' attribute," according to the advisory, published Monday.
"Successful exploitation may allow execution of arbitrary code with kernel-mode privileges," the advisory said.
A Microsoft spokeswoman did not immediately respond to a request for comment from SCMagazineUS.com, but according to reports, the software giant is looking into the matter.