Critical Windows 7 zero-day vulnerability could lead to iFrame attacks

Danish vulnerability clearinghouse Secunia is warning of a highly critical memory corruption zero-day vulnerability that could be targeted by attackers. Proof-of-concept code has been published.

A highly critical zero-day vulnerability affecting Windows 7 has surfaced and proof-of-concept code has been published, prompting at least one security firm issue an advisory about the flaw.

The vulnerability is confirmed on a fully patched Windows 7 Professional 64-bit. Other versions may also be affected.

Secunia, market leader in security software

Danish vulnerability clearinghouse Secunia said the memory corruption vulnerability could be exploited by attackers remotely. In a security advisory issued late Monday to customers, Secunia said the vulnerability works by viewing a malicious webpage containing an iFrame with an overly large “height” attribute.

Proof-of-concept code was published on Twitter by the discoverer of the Windows 7 vulnerability. The flaw works in the Apple Safari browser. There’s no word on whether the error can be exploited in Internet Explorer, Mozilla Firefox or Google Chrome.

“The vulnerability is confirmed on a fully patched Windows 7 Professional 64-bit. Other versions may also be affected,” Secunia said.

An iFrame is an HTML element typically used to pull in content from other sources onto a Web page, such as an advertising network. iFrame attacks are a common way for cybercriminals to conduct drive-by attacks. If a victim browses to a website or forum with malicious code injected into an iFrame, the attack can be stealthy, automatically infecting the victim’s machine with malware.  
~ Robert Westervelt

Dig deeper on Windows Security: Alerts, Updates and Best Practices

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close