Blue screen of death hits 64-bit Windows 7 machines running Safari; culprit is HTML tag

IFRAME tag with too high a value blue-screens safari, Win7

If you run the Safari web browser on 64-bit Windows 7 machines, the Blue Screen of Death is waiting for you on innocent web sites that contain an otherwise harmless HTML tag.

Only the 64-bit version of Windows 7 is vulnerable to the flaw, and only in conjunction with Safari, according to security research firm Secunia.

The offending marker is an IFRAME tag with an overly large height attribute, according to Secunia and Twitter user w3bd3vil,who first reported the flaw.

The error exists in the win32k.sys file that runs on 64-bit systems to improve interoperability with 32-bit applications.

When exposed to an IFRAME tag with too large a height attribute – viewed through a Safari browser – win32k.sys has a fit that can corrupt the PC's operating memory, cause disastrous crashes and could be exploited by malware or hackers to "allow execution of arbitrary code with kernel-mode privileges," according to Secunia.

Secunia confirmed through Microsoft that the flaw exists in even fully patched versions of Windows 7 Professional 64-bit.

Other 64-bit versions of Win7 are probably also vulnerable, but Secunia has not confirmed that.

No word yet from Microsoft on a fix.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon