Simple HTML Tag Crashes Windows 7 64-Bit

Simple HTML Tag Crashes Windows 7 64-Bit

If you want to watch one of the fastest blue screens ever, just watch the video above. It demonstrates a yet-to-be-patch flaw in the 64-bit version of Windows 7 that not only crashes the OS, but compromise the system, according to software security company Secunia.

Secunia’s advisory says the problem is within “win32k.sys” a core Windows file, and is triggered when an extremely large height value is set for an “iframe” — a tag that allows you to embed one webpage inside another. If used properly, the bug can be used to execute code at the same access level as the kernel. Which is fairly high on the permissions ladder, as you can imagine.

It was first reported on Twitter by user webDEViL on December 16.

Why you probably haven’t noticed this vulnerability is because it only affects Apple’s Safari browser, which isn’t exactly hogging drive space on Windows PCs. While it shares the WebKit layout engine with Google Chrome, this bug hasn’t appeared in the latter program.

Until Microsoft gets around to fixing the problem, the best thing to do is, well, not use Safari.

[Secunia, via The Register]