A hacker known as w3bd3vil posted a message on Twitter a couple of days ago claiming that he had found a vulnerability in the 64-bit version of Windows 7 that could be exploited through Apple’s popular web browser, Safari.
“<iframe height='18082563'></iframe> causes a BSoD on win 7 x64 via Safari. Lol!” said the hacker in a tweet.
In a later tweet he provided further explanation, stating that NtGdiDrawStream, which is called multiple times, is causing a “not so interesting crash.”
Researchers from Secunia confirmed the accuracy of the hacker’s findings, reporting that an attacker could use the flaw to take over a machine.
“The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large 'height' attribute viewed using the Apple Safari browser. Successful exploitation may allow execution of arbitrary code with kernel-mode privileges,” reads Secunia’s report.
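For defenders who filter web content at a proxy or mail gateway, the condition Secunia describes (an IFRAME with an overly large 'height' attribute) can be checked before a page reaches the browser. The following is an added example, not code from Secunia or from the original article; the MAX_DIMENSION limit, the function and class names, and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
import re

# Assumed policy limit in pixels; not a value taken from the advisory.
MAX_DIMENSION = 100_000

# Leading integer of an HTML dimension value ("600", "600px", "50%").
_LEADING_INT = re.compile(r"\s*\+?(\d+)")


class IframeHeightScanner(HTMLParser):
    """Collects IFRAME start tags whose 'height' attribute exceeds the limit."""

    def __init__(self, limit=MAX_DIMENSION):
        super().__init__(convert_charrefs=True)
        self.limit = limit
        self.findings = []  # (line, column, raw attribute value)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names before this call.
        if tag != "iframe":
            return
        for name, value in attrs:
            if name != "height" or value is None:
                continue
            m = _LEADING_INT.match(value)
            if not m:
                continue
            digits = m.group(1).lstrip("0")
            # Very long digit strings are flagged without conversion, so a
            # huge value cannot hit Python's int-parsing digit limit.
            if len(digits) > 12 or int(digits or "0") > self.limit:
                line, col = self.getpos()
                self.findings.append((line, col, value))


def scan_html(markup, limit=MAX_DIMENSION):
    """Return a list of (line, column, value) for oversized iframe heights."""
    scanner = IframeHeightScanner(limit)
    scanner.feed(markup)
    scanner.close()
    return scanner.findings


# Constructed sample page: two ordinary frames and one oversized height.
SAMPLE = """<html><body>
<iframe src="a.html" height="600"></iframe>
<IFRAME HEIGHT='18082563'></IFRAME>
<iframe height=50%></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, col, value in scan_html(SAMPLE):
        print(f"line {line}, col {col}: iframe height={value!r} over limit")
```

The check inspects static markup only; a height set by script after the page loads would not be seen by it.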