Skip to comments.A simple HTML tag will crash 64-bit Windows 7
Posted on 12/21/2011 10:18:07 AM PST by ShadowAce
An unpatched critical flaw in 64-bit Windows 7 leaves computers vulnerable to a full 'blue screen of death' system crash.
The memory corruption bug in x64 Win 7 could also allow malicious kernel-level code to be injected into machines, security alert biz Secunia warns. Fortunately the 32-bit version of Windows 7 is immune to the flaw, which has been pinned down to the win32k.sys operating system file - which contains the kernel portion of the Windows user interface and related infrastructure.
Proof-of-concept code showing how to crash vulnerable Win 7 boxes has been leaked: the simple HTML script, when opened in Apple's Safari web browser, quickly leads to the kernel triggering a page fault in an unmapped area of memory, which halts the machine at a blue screen of death.
The offending script is just an IFRAME tag with an overly large height attribute. Although Safari is required to spark the system crash via HTML, modern operating systems should not allow usermode applications to bring down the machine. Microsoft is now investigating the vulnerability, which was first reported by Twitter user w3bd3vil, although the software giant is racing against hackers tracing the code execution path to discover the underlying vulnerability in Windows 7.
A video of the Safari-triggered crash along with the HTML PoC can be seen here. Other exploit scenarios might also be possible. ®
Then the title should read "Apple's Safari has critical security flaw," but of course the Apple iPologist press would never admit that.
While I am no fan of Apple, the title is correct.
An application should not be able to crash the system.
Oh, bull. A userland application like Safari (or any other application) should be able to make a mistaken, stupid, or malicious system call (e.g. "Crash System NOW") and the operating system should refuse to do so. It's the OS's responsibility to refuse to do bad things.
What if the "application" were a malicious piece of software? You're really claiming that the "security flaw" is in the hacker's code?
Geez, fella. Learn something about computer security before you make stupid accusations.
So....I have the 64-bit version in my Toshiba Satellite laptop. Is there some kind of patch or other fix available from Microsoft?
Microsoft always has a problem with a long jump to a far pointer
I have seen them screw that up every time
Any browser but Safari is your patch. And really who’s using the Apple browser on Windows.
Ok, so what happens when the same html is run on OS X? Windows flaw.
The only people in God's Universe more rabid than Apple Cultists.
Sounds like an easy fix to me.
Until something comes out, don’t use Safari.
Incorrect. There is a flaw in the kernel allowing user space applications to fault memory, Safari just happens to be the app that has uncovered it.
I use Safari occasionally.
But after upgrading to Safari 5, I began having problems with the computer hanging up and deleted it from my Windows 7 64 bit computer.
Are you saying Apple’s Safari is a malicious piece of software?
I agree with you....When you down load an executable, you either give it permission to run on your system or you don’t. The OS cannot protect itself from user inflicted dumbsh!tness.....you ignorant puffed up smidgeon of blowfish sh!t
Exceptionally POOR testing at micro$oft !
Yeah, that patch is called Linux.
So all 3 users of Safari are impacted. Yes this shouldn’t crash the system, but we do need to find out why it is before we blame MS. It will probably be a windows issue, but it is possible that safari introduced it.
Before anyone says a usermode app shouldn’t allow that...we don’t know if Safari did something at ring 0. It’s doubtful but it is possible.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.