Discussion in 'other security issues & news' started by vasa1, Dec 20, 2011.
At the moment this is just a proof of concept and only has been shown to work with Safari.
I'm not too worried =p
Pardon me if I don't fall over from shock here. Well, anyway, IFrame huh? Should be fairly easy to avoid that.
Good ole IFrame. Websites still use that lol...
Clearly highly critical... lol. Gotta love some article titles. The funny part is I know a few people with macbooks, even they don't use Safari.
This is a Windows vulnerability. Just because the POC uses Safari does not mean it's Safari specific.
Not so fast, this NtGdiDrawStream exploit appears to be a bug in the OS itself and should be exploitable from nearly anywhere... this exploit can be triggered through the GdiDrawStream function exported from the GDI32.DLL library... which nearly all usermode applications have loaded in their address space.
It's funny how many of these undocumented functions have holes.
Oh, I know that. That's why I said this:
I'm just not worried about a POC.
It's standard procedure to downplay anything negative, isn't it?
What I think truly stands out in this bug alert is that, for the first time that I'm aware of (I don't possess all info...), Windows 7 x86 users are off the hook.
Clearly, even though I can think of several *real* highly critical exploits this year.
Any examples other than the most bloated browser?
They have just patched the very critical kernel vulnerability in TTF parsing (win32k.sys) used by Duqu. And here again is a vulnerability in win32k.sys which can be used as an exploit for remote code execution and privilege escalation. At least no working zero-day kernel exploit yet.
Imagine that, everybody's super hack-proof Win 7.
I don't think anyone would say Win7 is hackproof. Though I think some people give it a bit too much credit.
Microsoft confirms Windows vulnerability
Yeah, real critical:
"at this time, our colleagues in the US do not believe that the vulnerability is capable of infecting Windows systems with malware"
But even if it can be used:
"Although the vulnerability lies not in the browser but in this Windows component, the relevant function is frequently called by browsers. Microsoft considers that, for this reason, Internet Explorer versions prior to 9 could be affected by this problem and recommends that individuals and business users should upgrade to the latest version."
Sounds like IE9/10 users are perfectly safe, and the fact this can be done in Safari in the first place sounds like a flaw. Using flaws to discover flaws, weird.