Microsoft reviewing reported Windows 7-Safari hole

Viewing a malicious Web page using the Safari browser on Windows 7 could expose the computer to attack, advisory says.

Researcher WebDEVil tweeted about a vulnerability in Windows 7 affecting Safari users.
Researcher WebDEVil tweeted about a vulnerability in Windows 7 affecting Safari users.

Microsoft said today that it is looking into a report of a critical vulnerability in Windows 7 that could be used to take over the computer if a user opened a malicious Web page using Apple's Safari browser.

"We are currently examining the issue and will take appropriate action to help ensure customers are protected," Jerry Bryant, group manager for Response communications of Microsoft's Trustworthy Computing Group, said in a statement to CNET.

Secunia released an advisory on the issue yesterday after the problem was reported in a tweet by a researcher using the handle "WebDEVil."

"The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted Web page containing an IFRAME with an overly large 'height' attribute viewed using the Apple Safari browser," the advisory warns. "Successful exploitation may allow execution of arbitrary code with kernel-mode privileges. The vulnerability is confirmed on a fully patched Windows 7 Professional 64-bit. Other versions may also be affected."

(via Threat Post.)

About the author

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.


Discuss Microsoft reviewing reported Windows 7-Safari...

Conversation powered by Livefyre

Show Comments Hide Comments
Latest Articles from CNET
Wii U sales finally hit 10 million units as Nintendo nabs tiny profit