Security bug in Windows 7 detected

A researcher has posted on Twitter a few Windows vulnerability that may be exploited through Apple's Safari browser.

According to ‘webDEViL', "<iframe height='18082563'></iframe>" causes a blue screen of death on Windows 7 x64 via Safari. Asked how he had discovered this flaw, he replied: "Persistence. Perseverance."

According to H security, the source of the vulnerability is the function NtGdiDrawStream, and Heise Security was ready to reproduce the issue; the 32-bit version isn't affected.

This was confirmed by vulnerability management firm Secunia in an advisory. It said that here's because of a weakness within the driver file of Win32 and might be exploited to deprave memory via a specially crafted web site, containing an IFRAME with a very large ‘height' attribute, when viewed using the Apple Safari browser.

“Successful exploitation may allow execution of arbitrary code with kernel-mode privileges. The vulnerability is confirmed on a totally patched Windows 7 Professional 64-bit. Other versions can also be affected,” said Secunia.

A Microsoft spokeswoman didn't immediately reply to a request by SCMagazineUS.com for comment, but in line with reports, the software giant is calling into the problem.

Talking to SC Magazine, webDEViL said he has not contacted Microsoft as "they take an excessive amount of time to patch and we get too little credit".

Asked if he was accustomed to this flaw affecting other browsers, he said: “This is absolutely not a browser flaw. It affects Win 7 kernel and one real way of triggering that is using Safari.”

Finally, he was asked if he was aware if this vulnerability has a much wider scope rather than the blue screen of death; he said he was not, nevertheless it was possible. “If someone [were] to develop a working exploit, this is able to execute stuff with kernel privileges bypassing lots of restrictions,” he said.