Researchers are warning about a new remotely exploitable vulnerability in 64-bit Windows 7 that can be used by an attacker to run arbitrary code on a vulnerable machine. The bug was first reported a couple of days ago by an independent researcher and confirmed by Secunia.
In a message on Twitter, a researcher named w3bd3vil said that he had found a method for exploiting the vulnerability by simply feeding an iframe with an overly large height to Safari. The exploit gives the attacker the ability to run arbitrary code on the victim’s machine.
“A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user’s system. The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large “height” attribute viewed using the Apple Safari browser. Successful exploitation may allow execution of arbitrary code with kernel-mode privileges,” the Secunia advisory said.
Microsoft officials have not confirmed the vulnerability, but said that they’re looking into it.
“We are currently examining the issue and will take appropriate action to help ensure the customers are protected,” Jerry Bryant, group manager of response communications in Microsoft’s Trustworthy Computing Group, said.
The only known attack vector for this vulnerability right now is the Safari browser running on Windows 7, which is not the most common combination. Depending upon which metrics one uses, Safari has somewhere in the neighborhood of nine to 11 percent market share. It’s not clear how many of those Safari users are running Windows, but it’s likely that the vast majority of them are running Mac OS X.
However, as more information becomes available, other browsers may turn out to be usable as attack vectors for this vulnerability.