A hacker known as w3bd3vil posted a message on Twitter a couple of days ago claiming that he found a vulnerability in the 64-bit version of Windows 7 that could be taken advantage of using Apple’s popular web browser Safari.
“<iframe height='18082563'></iframe> causes a BSoD on win 7 x64 via Safari. Lol!” said the hacker in a tweet.
In a later tweet he provides further explanations, stating that the NtGdiDrawStream which is called multiple times is causing a “not so interesting crash.”
Researchers from Secunia confirm the accuracy of the hacker’s findings, reporting that the flaw can be utilized by a hacker to take over a machine.
“The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large 'height' attribute viewed using the Apple Safari browser. Successful exploitation may allow execution of arbitrary code with kernel-mode privileges,” reads Secunia’s report.
- 64-Bit Version of ZeuS Comes with Improved Evasion, Rootkit Capabilities
- 64-bit ZBOT Leverages Tor, Improves Evasion Techniques
- Privatefirewall - 64bit support
- Researchers Spot 64-Bit Version of ZeuS Malware
- Exploiting Internet Explorer 11 64-bit on Windows 8.1 Preview
- New Xpiro Infectors Are Persistent and Can Infect Both 32-bit and 64-bit Files