Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[AdrianH]

http://www.h-online.com/security/news/item/Highly-critical-zero-day-vulnerability-in-Windows-discovered-1398625.html

Secunia has reported that an unpatched security vulnerability in the 64-bit version of Windows 7 may be able to be exploited to inject and execute malicious code; currently, the only known exploit causes the system to crash.

It is possible to trigger a memory error in the system file win32k.sys by accessing a crafted HTML file in Safari. webDEViL, who discovered the vulnerability, has published a proof of concept on Twitter. His demo simply consists of an IFrame with a specific height which when displayed in Safari results in a blue screen of death.

The possibility that the vulnerability can be exploited by using means other than Safari cannot be ruled out. According to webDEViL, the source of the vulnerability is the function NtGdiDrawStream. The H's associates at heise Security have been able to reproduce the problem. The 32-bit version is not affected. When and whether Microsoft will fix the vulnerability is not known.

Secunia's link >> http://secunia.com/advisories/47237/

[tuftedduck]

 

[AdrianH]

Now confirmed as also affecting IE versions prior to IE9 , still only on 64bit systems at present, it is also suspected that other browsers may be an issue .................

[BritBrat]

Rather than spend money on Christmas cards I am donating to Julia's House Hospice for terminally ill children   JULIA'S HOUSE / DONATE

You may want to recheck link
http://www.juliashouse.org/Donate.aspx

JULIA'S HOUSE / DONATE

Code: [Select]

[url=http://www.juliashouse.org/Donate.aspx]JULIA'S HOUSE / DONATE[/url]