Apple QuickTime QTPlugin.ocx _Marshaled_pUnk Code Execution

Added: 09/20/2010 CVE: CVE-2010-1818 BID: 42841 OSVDB: 67705 Background Apple QuickTime is a media player for Windows and Mac OS platforms. Problem An input validation error in Apple QuickTime 7.6.7 and earlier versions allows remote attackers to execute arbitrary code by enticing the user to ope...

Apple QuickTime QTPlugin.ocx _Marshaled_pUnk Code Execution (CVE-2010-1818)

QuickTime is a media player application developed by Apple. It is capable of playing back numerous multimedia file formats from local file system or network servers. Upon installation, Apple QuickTime also installs a web browser plugin, QTPlugin.ocx. A remote code execution vulnerability has been...

Apple QuickTime Remote Code Execution Vulnerability

The host is installed with Apple QuickTime and is prone to remote code execution vulnerability. OpenVAS Vulnerability Test $Id: gbapplequicktimecodeexecvulnwin.nasl 5263 2017-02-10 13:45:51Z teissa $ Apple QuickTime Remote Code Execution Vulnerability Authors: Antu Sanadi Copyright: Copyright c...

QuickTime QTPlugin.ocx控件_Marshaled_pUnk参数验证漏洞

Apple QuickTime是一款非常流行的多媒体播放器。 QuickTime ActiveX控件（QTPlugin.ocx）实现了IPersistPropertyBag2::Read（1000E330）来处理所接收到的param： .text:1000E330 .text:1000E330 ; =============== S U B R O U T I N E ======================================= .text:1000E330 .text:1000E330 .text:1000E330 sub1000E330 proc near ; DA...

CVE-2010-1818

The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the MarshaledpUnk attribute, which triggers unmarshalling of an untrusted pointer...

Null pointer dereference

The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the MarshaledpUnk attribute, which triggers unmarshalling of an untrusted pointer...

CVE-2010-1818

The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the MarshaledpUnk attribute, which triggers unmarshalling of an untrusted pointer...

CVE-2010-1818

CVE-2010-1818 affects Apple QuickTime QTPlugin.ocx (QuickTime 6.x and 7.x before 7.6.8). The vulnerability arises from an input validation error in the _Marshaled_pUnk parameter, triggering unmarshalling of an untrusted pointer and allowing remote code execution with the user’s privileges. Public...

Apple QuickTime QTPlugin.ocx ActiveX控件多个栈溢出漏洞

BUGTRAQ ID: 27769 Apple QuickTime是一款非常流行的多媒体播放器。 QuickTime所安装的QTPlugin.ocx ActiveX控件在处理畸形参数数据时存在缓冲区溢出漏洞，远程攻击者可能利用此漏洞控制用户系统。 QTPlugin.ocx ActiveX控件没有正确地验证对SetBgColor、SetHREF、SetMovieName、SetTarget和SetMatrix函数的输入，如果用户受骗访问了恶意网页并向这些函数传送了超长字符串的话，就可能触发栈溢出，导致执行任意指令。 Apple QuickTime Player = 7.4.1 临时解决方法...

Stack overflow

Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via long arguments to the 1 SetBgColor, 2 SetHREF, 3 SetMovieName, 4 SetTarget, and 5...

CVE-2008-0778

Multiple stack-based buffer overflows exist in the QTPlugin.ocx ActiveX control of Apple QuickTime 7.4.1 and earlier. The vulnerability affects the QTPlugin.ocx component and is triggered by long arguments to the SetBgColor, SetHREF, SetMovieName, SetTarget, and SetMatrix methods, allowing remote...

QuickTime 7.4.1 QTPlugin.ocx Multiple Stack Overflow Vulnerabilities

No description provided by source. Application: QuickTime = 7.4.1 QTPlugin.ocx Multiple Remote Stack Overflow Web Site: http://www.apple.com/fr/quicktime/download/ Platform: Windows Bug: Multiple Remote Stack Overflow ------------------------------------------------------- 1 Introduction 2 Bug...

QuickTime 7.4.1 - QTPlugin.ocx Multiple Stack Overflow Vulnerabilities

QuickTime 7.4.1 - QTPlugin.ocx Multiple Stack Overflow Vulnerabilities Application: QuickTime sub test bar = String515305, "A" foo.SetBgColor bar End Sub ===== 5Credits ===== laurent gaffié laurent.gaffieremovethisatgmaildotcom milw0rm.com 2008-02-13...