Wednesday, December 28, 2011

Windows 7 64-bit Memory Corruption Vulnerability

A person known by the alias "w3bd3vil" on Twitter released an HTML snippet that will cause the 64-bit version of Windows 7 to blue screen if viewed under Safari. The underlying vulnerability, however, is not a flaw in Safari but a flaw in the Windows kernel-mode device driver win32k.sys.

"A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large "height" attribute viewed using the Apple Safari browser. Successful exploitation may allow execution of arbitrary code with kernel-mode privileges," the Secunia advisory said.
The possibility that the vulnerability can be exploited by means other than Safari cannot be ruled out. According to webDEViL, the source of the vulnerability is the function NtGdiDrawStream. This could evolve into either a local privilege escalation issue or a remote code execution as admin problem, in particular if it can be triggered from more popular browsers (Internet Explorer, Firefox, Chrome).
