Anand Yadav

Microsoft Windows win32k.sys Memory Corruption Vulnerability

December 21, 2011
Estimated reading time: 1 minute

A vulnerability has been discovered in Microsoft Windows which can be exploited by malicious parties to potentially compromise a user’s system.

The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via a specially crafted web page containing an IFRAME with an overly large “height” attribute. This is viewed using the Apple Safari browser and can cause a BSoD.

Successful exploitation may allow execution of arbitrary code with kernel-mode privileges.

The vulnerability is confirmed on a fully patched Windows 7 Professional 64-bit. Other versions may also be affected.

Have something to add to this story? Share it in the comments.

No Comments, Be The First!

Your email address will not be published.