Added: 09/20/2010
CVE: CVE-2010-1818
BID: 42841
OSVDB: 67705
Apple QuickTime is a media player for Windows and Mac OS platforms.
An input validation error in Apple QuickTime 7.6.7 and earlier versions allows remote attackers to execute arbitrary code by enticing the user to open a specially crafted web page. The vulnerability is exploited by passing an invalid value via the _Marshaled_pUnk
parameter which is used as a valid pointer by the IPersistPropertyBag2::Read
function in the QTPlugin.ocx
ActiveX control.
Upgrade to Apple QuickTime Player 7.6.8 or higher.
<http://www.zerodayinitiative.com/advisories/ZDI-10-168/>
Exploit works on Apple Quicktime 7.6.7.
The user must open the exploit page using Internet Explorer 6 or 7.
Windows