CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.971 High
Percentile: 99.8%
Added: 09/20/2010
CVE: CVE-2010-1818
BID: 42841
OSVDB: 67705
Apple QuickTime is a media player for Windows and Mac OS platforms.
An input validation error in Apple QuickTime 7.6.7 and earlier versions allows remote attackers to execute arbitrary code by enticing the user to open a specially crafted web page. The vulnerability is exploited by passing an invalid value via the _Marshaled_pUnk parameter which is used as a valid pointer by the IPersistPropertyBag2::Read function in the QTPlugin.ocx ActiveX control.
Upgrade to Apple QuickTime Player 7.6.8 or higher.
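For hosts that cannot be upgraded immediately, a web proxy or mail gateway can flag pages that supply the _Marshaled_pUnk parameter described above. The following detector is an added example, not part of the original advisory or any vendor tool. It assumes the parameter arrives as a param element, an object/embed attribute, or markup held in a script string, and the sample page with its placeholder classid and values is constructed.

```python
from html.parser import HTMLParser

SUSPECT = "_marshaled_punk"  # parameter named in the advisory, lower-cased


class MarshaledPunkFinder(HTMLParser):
    """Record (line, tag, how) wherever markup supplies the parameter."""

    def __init__(self):
        super().__init__()
        self.hits = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag/attribute names and decodes entities
        # in attribute values, so case changes and &#95; are normalised here.
        line = self.getpos()[0]
        named = {k: (v or "") for k, v in attrs}
        if tag == "param" and named.get("name", "").strip().lower() == SUSPECT:
            self.hits.append((line, tag, "param name"))
        elif tag in ("object", "embed") and SUSPECT in named:
            self.hits.append((line, tag, "attribute"))
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Markup written at run time only exists as a string inside the script.
        if self._in_script and SUSPECT in data.lower():
            self.hits.append((self.getpos()[0], "script", "string in script"))


def scan_html(text):
    """Return every place in the HTML text where the parameter is supplied."""
    finder = MarshaledPunkFinder()
    finder.feed(text)
    finder.close()
    return finder.hits


# Constructed sample page: placeholder classid and values, no real content.
SAMPLE = """<html><body>
<object classid="clsid:PLACEHOLDER" width="1" height="1">
  <param name="src" value="clip.mov">
  <PARAM NAME="&#95;Marshaled_pUnk" VALUE="0">
</object>
<embed src="clip.mov" _marshaled_punk="0">
<script>document.write('<param name="_Marshaled_pUnk" value="0">');</script>
</body></html>"""

if __name__ == "__main__":
    for line, tag, how in scan_html(SAMPLE):
        print(f"line {line}: <{tag}> sets _Marshaled_pUnk ({how})")
```

A hit is a reason to block or quarantine the page and to check the QuickTime version on the requesting host.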
<http://www.zerodayinitiative.com/advisories/ZDI-10-168/>
Exploit works on Apple QuickTime 7.6.7.
The user must open the exploit page using Internet Explorer 6 or 7.
Windows