An unpatched critical flaw in 64-bit Windows 7 leaves computers vulnerable to a full 'blue screen of death' system crash.
The memory corruption bug in x64 Win 7 could also allow malicious kernel-level code to be injected into machines, security alert biz Secunia warns. Fortunately the 32-bit version of Windows 7 is immune to the flaw, which has been pinned down to the win32k.sys operating system file - which contains the kernel portion of the Windows user interface and related infrastructure.
Proof-of-concept code showing how to crash vulnerable Win 7 boxes has
been leaked: the simple HTML script, when opened in Apple's Safari web
browser, quickly leads to the kernel triggering a page fault in an
unmapped area of memory, which halts the machine at a blue screen of
death.
The offending script is just an IFRAME tag with an overly large
height attribute. Although Safari is required to spark the system crash
via HTML, modern operating systems should not allow usermode
applications to bring down the machine. Microsoft is now investigating
the vulnerability, which was first reported by Twitter user w3bd3vil,
although the software giant is racing against hackers tracing the code
execution path to discover the underlying vulnerability in Windows 7.
A video of the Safari-triggered crash along with the HTML PoC can be seen here. Other exploit scenarios might also be possible.
The memory corruption bug in x64 Win 7 could also allow malicious kernel-level code to be injected into machines, security alert biz Secunia warns. Fortunately the 32-bit version of Windows 7 is immune to the flaw, which has been pinned down to the win32k.sys operating system file - which contains the kernel portion of the Windows user interface and related infrastructure.
A video of the Safari-triggered crash along with the HTML PoC can be seen here. Other exploit scenarios might also be possible.
Discussions on HTML tag that will affect the software paradigm.
ReplyDeletePOS softwares
what do you mean ?
ReplyDeleteplease be more spicefic !!