New Remotely Exploitable Vulnerability Found in 64-bit Win7

Status
Not open for further replies.

molo9000

Distinguished
Aug 14, 2010
646
0
18,990
The actual vulnerability is in the NtGdiDrawStream function in the win32k.sys.

Other browsers or programs that call this function might be vulnerable, too.
 

JOSHSKORN

Distinguished
Oct 26, 2009
2,394
19
19,795
[citation][nom]nikorr[/nom]Only on Safari?[/citation]
So far there's no indication that the three most popular browsers -- Internet Explorer (40.63-percent), Chrome (25.69-percent) and Firefox (25.23-percent) -- share a similar vulnerability when used in Windows 7.
 

JOSHSKORN

Distinguished
Oct 26, 2009
2,394
19
19,795
[citation][nom]amk-aka-phantom[/nom]Who the hell uses Safari on Windows? Dismissed![/citation]
As of November 2011, the Safari browser commanded only 5.92-percent of the browser market, so there doesn't seem to be a potential widespread problem.
Not that many, apparently. I installed it once just to see it, but have since then have had to reformat my computer due to a black screen, which I'm sure is unrelated, considering I never launched Safari since I'd installed and looked at it.
 

f-gomes

Distinguished
Jul 3, 2008
161
0
18,690
If this is a Safary only issue, it is a no problem, actually. market share of Safari in Windows 7 is irrelevant, though I'm sure MS will address the issue as if it was an actual menace.
 

shqtth

Distinguished
Sep 4, 2008
409
0
18,780
not too long ago, when i went to a review website, one of the ads tried to execute a malformed java, inturn to run a exe file threw safari. Well the exe file terminated as I have execution disable bit enabled on my athlon 64bit/Vista 64bit.

I reported the virus to microsoft. And it was one they never sae yet.

So I say, safari has their proplems. Also upgrading to the latest version of safari, bricks your itunes/safari, so it can't access the internet. THe new safari uses multiple threads to download from the internet and render pages, well that engine has bugs and wont work on all computers, so I had to downgrade my safari.

I am just thankful for execution disable bit.
 

amk-aka-Phantom

Distinguished
Mar 10, 2011
3,004
0
20,860
[citation][nom]qefx[/nom]Microsoft: We have a workaround .. delete anything from Apple that may be on your system.[/citation]

Straight! Hate servicing Windows machines with Apple software installed - a ton of junk in the Startup that has to be disabled... "NO, don't touch this, this is APPLE, this is for my iPod!!!" - if you're dumb enough to install all that bloatware for your iPod, at least make sure that it doesn't spawn 10 more things to slow down your system like it normally does.
 

guardianangel42

Distinguished
Jan 18, 2010
554
0
18,990
[citation][nom]DaveUK[/nom]Surely this is a Safari exploit and not a Windows one, otherwise all browsers would be affected?[/citation]

In the interest of playing devils advocate, based solely on the article (specifically this line: ""The vulnerability is confirmed on a fully patched Windows 7 Professional 64-bit. Other versions may also be affected.") I'd say they simply haven't tested for it on other browsers/versions of Windows. While that doesn't mean other browsers ARE affected, it also doesn't mean they AREN'T.

We'll have to wait and see what these researchers find.

Also, I laughed inside when Kevin made a point to say "independent" researchers. There's almost no such thing anymore.
 

sissysue

Distinguished
Dec 15, 2011
55
0
18,630
Windows is a Swiss OS, always has been. If not no third party program could get kernel privileges. I'll stick with Linux or OS X for my real computing and leave Windose for games.
 

silentbobdc

Distinguished
Oct 22, 2009
37
0
18,530
So Apple creates a vulnerability in Windows and you title the article:

"New Remotely Exploitable Vulnerability Found in 64-bit Win7"

Shouldn't a more responsible title be "Apple's Safari Browser creates New Remotely Exploitable Vulnerability when used on 64-bit Win7"

Trying to blame MS for an Apple created issue, pretty weak writing.
 

molo9000

Distinguished
Aug 14, 2010
646
0
18,990
[citation][nom]silentbobdc[/nom]So Apple creates a vulnerability in Windows and you title the article:"New Remotely Exploitable Vulnerability Found in 64-bit Win7"Shouldn't a more responsible title be "Apple's Safari Browser creates New Remotely Exploitable Vulnerability when used on 64-bit Win7"Trying to blame MS for an Apple created issue, pretty weak writing.[/citation]

The vulnerability is actually in a function that's part of Windows.

If Safari can call that function and execute arbitrary code, then so can other programs.
The vulnerability is there and crafty hackers will find ways to exploit it if Microsoft gives them enough time.
 

lamorpa

Distinguished
Apr 30, 2008
1,195
0
19,280
[citation][nom]shqtth[/nom]...a[n] exe file threw safari...[/citation]
How far did the exe throw it? Did it throw it through a wall or something?
 

hoof_hearted

Distinguished
Mar 6, 2010
349
0
18,780
Big image in Safari and API function call, NtGdiDrawStream

// Private draw stream interface
__kernel_entry W32KAPI BOOL APIENTRY
NtGdiDrawStream(
__in HDC hdcDst,
__in ULONG cjIn,
__in_bcount(cjIn) VOID *pvIn
);

I am sure all the hackers need to do is launch some sort of kenel monitor andd see how Safari uses this function, the check other browsers, javascript, etc and find a way to emulate the same "blow the stack" condition.
 

mildgamer001

Distinguished
Jul 5, 2011
600
0
19,010
and people always asked why i hate safari... and it also said this vulnerability was in windows 7 pro. not home premium or ultimate, most peopel that aren't on business computers dotn use pro. (i said MOST, dont troll)
 
Status
Not open for further replies.