December 20, 2011

Researcher finds Microsoft Windows 7 security bug

A researcher has taken to Twitter to warn of a Windows vulnerability that can be exploited through Apple's Safari browser.

The hybrid flaw, which vulnerability management firm Secunia confirmed in an advisory, is caused by a weakness in the driver file of Win32, which is a core interface used by Windows to communicate with the programs that run on it.

Secunia confirmed the validity of the vulnerability, which it deemed "highly critical," on a fully patched Windows 7 Professional 64-bit machine. Earlier versions of the operating system also may be affected.

The memory-corruption bug can be exploited if users are tricked into visiting a malicious web page that contains an IFRAME "with an overly large 'height' attribute," according to the advisory, published Monday.

"Successful exploitation may allow execution of arbitrary code with kernel-mode privileges," the advisory said.

A Microsoft spokeswoman did not immediately respond to a request by SCMagazineUS.com for comment, but according to reports, the software giant is looking into the matter.

Related Articles
Related Topics

More in News

Attackers use Skype, other IM apps to spread Liftoh trojan

Countries in Latin America have been the primary targets in this campaign, researchers say.

Scammers on the hunt for Memorial Day deal watchers

Like they do with major news events and other holidays, online fraudsters are seeking to cash in on the upcoming Memorial Day weekend.

Proxy research firm settles charges with SEC over client breach

Institutional Shareholder Services (ISS), a research firm the advises clients on voting in proxy fights, must pay $300,000 to the U.S. Securities and Exchange Commission.