Sunday, December 25, 2011

A simple HTML tag to crash 64-bit Windows 7

<iframe height='18082563'></iframe>

Yes, that's true. This small (well, not exactly small) iframe is powerful enough to crash a 64-bit Win7 system to the famous Blue Screen of Death (BSoD). This vulnerability was recently reported by w3bd3vil (awesome work!!).

This has been tested on Windows 7, 64-bit version, running Safari. I hate the Blue Screen of Death, so I didn't bother testing it on other browsers. Microsoft is still assessing the impact of the vulnerability. Here are the details from a security advisory.

A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large "height" attribute viewed using the Apple Safari browser.

Successful exploitation may allow execution of arbitrary code with kernel-mode privileges.

The vulnerability is confirmed on a fully patched Windows 7 Professional 64-bit. Other versions may also be affected.

No effective solution is currently available.

Provided and/or discovered by

Original Advisory!/w3bd3vil/status/148454992989261824
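
Since the advisory lists no fix, one interim check is to flag pages carrying the trigger it describes before they reach a browser. The scanner below is an added example, not code from the advisory or from w3bd3vil; the 100,000-pixel threshold, the function and class names, and the extra checks on `width` and inline `style` (which go beyond the `height` attribute the advisory names) are assumptions, and the sample page is constructed.

```python
import re
from html.parser import HTMLParser

# Assumed threshold (not from the advisory): no legitimate layout needs an
# iframe dimension anywhere near this many pixels.
MAX_DIMENSION = 100_000
# Leading integer of an HTML dimension value such as "300", "300px" or "100%".
_LEADING_INT = re.compile(r"\s*\+?(\d+)")
# height/width declarations inside an inline style attribute.
_STYLE_DIM = re.compile(r"(?:^|;)\s*(height|width)\s*:\s*\+?(\d+)", re.I)


class OversizedFrameFinder(HTMLParser):
    """Collects (tag, attribute, value, line) for oversized iframe dimensions."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <IFRAME HEIGHT=...>
        # is caught too. Self-closing tags are routed here by the base class.
        if tag != "iframe":
            return
        line = self.getpos()[0]
        for name, value in attrs:
            if value is None:
                continue
            if name in ("height", "width"):
                m = _LEADING_INT.match(value)
                if m and int(m.group(1)) > MAX_DIMENSION:
                    self.findings.append((tag, name, int(m.group(1)), line))
            elif name == "style":  # precaution: same sizes set through CSS
                for prop, num in _STYLE_DIM.findall(value):
                    if int(num) > MAX_DIMENSION:
                        self.findings.append(
                            (tag, "style:" + prop.lower(), int(num), line))


def scan_html(html):
    """Return findings for one HTML document; an empty list means clean."""
    finder = OversizedFrameFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page: one normal iframe, the tag from this post, and a
# CSS variant.
SAMPLE = """<html><body>
<iframe src="a.html" height="300" width="400"></iframe>
<IFRAME height='18082563'></IFRAME>
<iframe style="width:100%; height: 99999999px"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE):
        print(finding)
```
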



  1. Hi Abhinav, my name is Pranav. I have a doubt.

    What will happen if I try this in a virtual machine?

  2. This month's Patch Tuesday will fix this problem...
