Researcher finds Microsoft Windows 7 security bug

A researcher has taken to Twitter to warn of a Windows vulnerability that can be exploited through Apple's Safari browser.

The hybrid flaw, which vulnerability management firm Secunia confirmed in an advisory, is caused by a weakness in the driver file of Win32, which is a core interface used by Windows to communicate with the programs that run on it.

Secunia confirmed the validity of the vulnerability, which it deemed "highly critical," on a fully patched Windows 7 Professional 64-bit machine. Earlier versions of the operating system also may be affected.

The memory-corruption bug can be exploited if users are tricked into visiting a malicious web page that contains an IFRAME "with an overly large 'height' attribute," according to the advisory, published Monday.

"Successful exploitation may allow execution of arbitrary code with kernel-mode privileges," the advisory said.

A Microsoft spokeswoman did not immediately respond to a request by SCMagazineUS.com for comment, but according to reports, the software giant is looking into the matter.
