HTML Tag can Cause Windows 7 x64 to “Blue Screen of Death”

Secunia has released a security advisory warning that a specially crafted web page can crash a fully patched Windows 7 x64 system. At this point the page just makes Windows 7 perform the dreaded “Blue Screen of Death”, but the underlying bug could be used maliciously to build a zero-day exploit.

“The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large “height” attribute viewed using the Apple Safari browser.

Successful exploitation may allow execution of arbitrary code with kernel-mode privileges.”

Hackers look for bugs like this to create exploits that will drop them into the system remotely with administrator or even system level privileges.

The attack works only against the 64-bit version of Windows 7; the 32-bit version seems unaffected. But the advisory does state that the bug may be present in other versions of Windows. This is concerning, as Windows Server 2008 shares a lot of code with Windows 7, and I am curious if it is also affected.

As of yet, there is no patch available to fix this issue.

*** Update – It is interesting that it is not just any large number, as the advisory suggests. A quick search around the web turns up the number in question. It seems to be a specific 8-digit number; a random number above 8 digits did not trigger the crash.

Just a single line stored in an HTML file with the right number causes the crash:

As soon as you attempt to open the webpage with Safari, your Windows 7 instantly crashes. Hopefully Apple will get this patched quickly.

~ by D. Dieterle on December 21, 2011.

3 Responses to “HTML Tag can Cause Windows 7 x64 to “Blue Screen of Death””

  1. Seriously, does *anyone* use Safari on Windows?

  2. [Pingback] HTML Tag can Cause Windows 7 x64 to “Blue Screen of Death” « CYBER ARMS – Computer Security, posted by シロ on 22/12/2011
