Researcher finds Microsoft Windows 7 security bug

Share this article:

A researcher has taken to Twitter to warn of a Windows vulnerability that can be exploited through Apple's Safari browser.

The hybrid flaw, which vulnerability management firm Secunia confirmed in an advisory, is caused by a weakness in the driver file of Win32, which is a core interface used by Windows to communicate with the programs that run on it.

Secunia confirmed the validity of the vulnerability, which it deemed "highly critical," on a fully patched Windows 7 Professional 64-bit machine. Earlier versions of the operating system also may be affected.

The memory-corruption bug can be exploited if users are tricked into visiting a malicious web page that contains an IFRAME "with an overly large 'height' attribute," according to the advisory, published Monday.

"Successful exploitation may allow execution of arbitrary code with kernel-mode privileges," the advisory said.

A Microsoft spokeswoman did not immediately respond to a request by SCMagazineUS.com for comment, but according to reports, the software giant is looking into the matter.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.