Researcher uncovers Windows 7 flaw via Safari browser

Photo credit: Adriano Castelli/Shutterstock.com

The vulnerability, described in a tweet by webdevil, was confirmed by Secunia, which categorized it as a “highly critical” flaw providing remote system access to an attacker.

“A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system”, Secunia said.

“The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via, e.g., a specially crafted web page containing an IFRAME with an overly large 'height' attribute viewed using the Apple Safari browser. Successful exploitation may allow execution of arbitrary code with kernel-mode privileges. The vulnerability is confirmed on a fully patched Windows 7 Professional 64-bit. Other versions may also be affected”, it warned. Secunia stressed that “no effective solution is currently available.”

Microsoft told Kaspersky Lab that they are looking into the reported vulnerability. "We are currently examining the issue and will take appropriate action to help ensure the customers are protected", said Jerry Bryant, group manager of response communications in Microsoft's Trustworthy Computing Group.
