A person known by the alias of "w3bd3vil" on twitter released an HTML snippet that will cause the 64 bit version of Windows 7 to blue screen if viewed under Safari. The underlying vulnerability is however not a flaw in Safari but rather a flaw in the Windows kernel mode device driver, win32k.sys. The proof of concept code by w3bd3vil only triggers a system crash. However, the system crash is the result of memory corruption and there is a possibility that this flaw could be used to execute arbitrary code. In order to accomplish this, the attacker would also need to work around the Windows 7 protection like DEP and ASLR. How to bypass these protections has been shown for other exploits. A successful code execution would be very serious in this case. Win32k.sys, as kernel mode code, runs with system privileges and an attacker would obtain full access, exceeding the privileges of the user triggering the code. Quick summary: Watch out for more on this over the next days. This could evolve either into a local privilege escalation issue or a remote code execution as admin problem. In particular if triggered by more popular browsers (Internet Explorer, Firefox, Chrome). https://secunia.com/advisories/47237/ ------ |
Johannes 4040 Posts ISC Handler Dec 21st 2011 |
Thread locked Subscribe |
Dec 21st 2011 9 years ago |
Does anyone actually run Safari on Windows :D :D
|
James 35 Posts |
Quote |
Dec 21st 2011 9 years ago |
@James Safari is often included in the download for iTunes (at least in the past). It is probably on a lot more computers than you might expect.
|
James 4 Posts |
Quote |
Dec 22nd 2011 9 years ago |
The basis of this seems to have been known about for a while (2005):
https://bugzilla.mozilla.org/show_bug.cgi?id=320430 |
Alex 19 Posts |
Quote |
Dec 23rd 2011 9 years ago |
Sign Up for Free or Log In to start participating in the conversation!