SAINT CorporationSAINT:0B14560CECDAA1CE5E27091BBE123E84Apple QuickTime QTPlugin.ocx _Marshaled_pUnk Code Execution
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.971 High
EPSS
Percentile
99.8%
Added: 09/20/2010
CVE: CVE-2010-1818
BID: 42841
OSVDB: 67705
Background
Apple QuickTime is a media player for Windows and Mac OS platforms.
Problem
An input validation error in Apple QuickTime 7.6.7 and earlier versions allows remote attackers to execute arbitrary code by enticing the user to open a specially crafted web page. The vulnerability is exploited by passing an invalid value via the _Marshaled_pUnk parameter which is used as a valid pointer by the IPersistPropertyBag2::Read function in the QTPlugin.ocx ActiveX control.
Resolution
Upgrade to Apple QuickTime Player 7.6.8 or higher.
References
<http://www.zerodayinitiative.com/advisories/ZDI-10-168/>
Limitations
Exploit works on Apple Quicktime 7.6.7.
The user must open the exploit page using Internet Explorer 6 or 7.
Platforms
Windows
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.971 High
EPSS
Percentile
99.8%