Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:22121186B3D05C0E4BC9D55E03F81042
HistorySep 20, 2010 - 12:00 a.m.

Apple QuickTime QTPlugin.ocx _Marshaled_pUnk Code Execution

2010-09-2000:00:00
SAINT Corporation
www.saintcorporation.com
12

0.971 High

EPSS

Percentile

99.8%

JSON

Added: 09/20/2010
CVE: CVE-2010-1818
BID: 42841
OSVDB: 67705

Background

Apple QuickTime is a media player for Windows and Mac OS platforms.

Problem

An input validation error in Apple QuickTime 7.6.7 and earlier versions allows remote attackers to execute arbitrary code by enticing the user to open a specially crafted web page. The vulnerability is exploited by passing an invalid value via the _Marshaled_pUnk parameter which is used as a valid pointer by the IPersistPropertyBag2::Read function in the QTPlugin.ocx ActiveX control.

Resolution

Upgrade to Apple QuickTime Player 7.6.8 or higher.

References

<http://www.zerodayinitiative.com/advisories/ZDI-10-168/&gt;

Limitations

Exploit works on Apple Quicktime 7.6.7.

The user must open the exploit page using Internet Explorer 6 or 7.

Platforms

Windows

Related

cve 1
zdi 1
saint 3
prion 1
canvas 1
checkpoint_advisories 1
openvas 2
cvelist 1
nvd 1
packetstorm 1
nessus 3
cve
cve
CVE-2010-1818
2010-08-31 20:00:01
zdi
zdi
Apple QuickTime ActiveX _Marshaled_pUnk Remote Code Execution Vulnerability
2010-08-31 00:00:00
saint
saint
Apple QuickTime QTPlugin.ocx _Marshaled_pUnk Code Execution
2010-09-20 00:00:00
Apple QuickTime QTPlugin.ocx _Marshaled_pUnk Code Execution
2010-09-20 00:00:00
Apple QuickTime QTPlugin.ocx _Marshaled_pUnk Code Execution
2010-09-20 00:00:00
prion
prion
Null pointer dereference
2010-08-31 20:00:00
canvas
canvas
Immunity Canvas: QUICK_PUNK
2010-08-31 20:00:00
checkpoint_advisories
checkpoint_advisories
Apple QuickTime QTPlugin.ocx _Marshaled_pUnk Code Execution (CVE-2010-1818)
2010-09-13 00:00:00
openvas
openvas
Apple QuickTime RCE Vulnerability
2010-09-03 00:00:00
Apple QuickTime Remote Code Execution Vulnerability
2010-09-03 00:00:00
cvelist
cvelist
CVE-2010-1818
2010-08-31 19:25:00
nvd
nvd
CVE-2010-1818
2010-08-31 20:00:01
packetstorm
packetstorm
Apple QuickTime 7.6.7 _Marshaled_pUnk Code Execution
2010-08-30 00:00:00
nessus
nessus
QuickTime < 7.6.8 Multiple Vulnerabilities (Windows)
2010-09-16 00:00:00
QuickTime < 7.6.8 Multiple Vulnerabilities (Windows) (deprecated)
2010-09-16 00:00:00
QuickTime < 7.6.8 Multiple Vulnerabilities (Windows)
2010-09-16 00:00:00

0.971 High

EPSS

Percentile

99.8%

JSON
Related for SAINT:22121186B3D05C0E4BC9D55E03F81042
cve1zdi1saint3prion1canvas1checkpoint_advisories1openvas2cvelist1nvd1packetstorm1nessus3