PROBLEM:
Microsoft Windows win32k.sys Memory Corruption Vulnerability.
PLATFORM:
Operating System Microsoft Windows 7
ABSTRACT:
Successful exploitation may allow execution of arbitrary code with kernel-mode privileges.
reference LINKS:
Secunia Advisory SA47237
MS11-087:Article ID: 2639417
IMPACT ASSESSMENT:
High
Discussion:
A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large "height" attribute viewed using the Apple Safari browser. Successful exploitation may allow execution of arbitrary code with kernel-mode privileges. The vulnerability is confirmed on a fully patched Windows 7 Professional 64-bit. Other versions may also be affected.
Impact:
Successful exploitation may allow execution of arbitrary code with kernel-mode privileges.
Solution:
No effective solution is currently available.