Secunia has released a security warning that a specially crafted webpage can cause a fully patched Windows 7 x64 system to crash. At this point the page just makes Windows 7 perform the dreaded “Blue Screen of Death”, but it could be used maliciously to create a Zero-day exploit.
“The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large “height” attribute viewed using the Apple Safari browser.
Successful exploitation may allow execution of arbitrary code with kernel-mode privileges.”
Hackers look for bugs like this to create exploits that will drop them into the system remotely with administrator or even system level privileges.
The attack works only against the 64-bit version of Windows 7, the 32-bit version seems unaffected. But the warning does state that the bug may be present in other versions of Windows. This is concerning as Windows Server 2008 shares a lot of code with Windows 7, I am curious if it is also affected.
As of yet, there is no patch available to fix this issue.
*** Update – It is interesting that it is not just a large number as the advisory states. A quick search around the web and the number in question is available. It seems to be a specific 8 digit number. A random number above 8 digits did not trigger the crash.
Just a single line stored in an html file with the right number causes the crash:
As soon as you attempt to open the webpage with Safari, your Windows 7 instantly crashes. Hopefully Apple will get this patched quickly.