Unpatched IFRAME vulnerability in Win 7 x64


A simple HTML tag will crash 64-bit Windows 7

An unpatched critical flaw in 64-bit Windows 7 leaves computers vulnerable to a full 'blue screen of death' system crash.

The memory corruption bug in x64 Win 7 could also allow malicious kernel-level code to be injected into machines, security alert biz Secunia warns. Fortunately the 32-bit version of Windows 7 is immune from the flaw, which has been pinned down to the win32k.sys operating system file - which contains the kernel portion of the Windows user interface and related infrastructure.

Proof-of-concept code showing how to crash vulnerable Win 7 boxes has been leaked: the simple HTML script, when opened in Apple's Safari web browser, quickly leads to the kernel triggering a page fault in an unmapped area of memory, which halts the machine at a blue screen of death.

Source - The Register/Secunia Vulnerability


Safari on Windows is an unholy abomination. I don't have Safari on my machine even for my web stuff testing.

While Windows should not ever allow a misbehaving program to close the shop, it's as much Safari's fault for not checking something it should and doing something really stupid with the resources it's trusted with.

And yes - iframes are evil, too.

On second thought, if it provides a code injection path as well then it's more of bungling by MS.


This topic is now closed to further replies.