Lucene search
HBeliteZDI-10-168HistoryAug 31, 2010 - 12:00 a.m.
Apple QuickTime ActiveX _Marshaled_pUnk Remote Code Execution Vulnerability
2010-08-3100:00:00
HBelite
www.zerodayinitiative.com
16
0.971 High
EPSS
Percentile
99.8%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the QTPlugin.ocx ActiveX control. The plugin accepts a parameter named _Marshaled_pUnk that it uses as a valid pointer. By specifying invalid values an attacker can force the application to jump to a controlled location in memory. This can be exploited to execute remote code under the context of the user running the web browser.
References
Related
cve
cve
CVE-2010-1818
2010-08-31 20:00:01
saint
saint
Apple QuickTime QTPlugin.ocx _Marshaled_pUnk Code Execution
2010-09-20 00:00:00
Apple QuickTime QTPlugin.ocx _Marshaled_pUnk Code Execution
2010-09-20 00:00:00
Apple QuickTime QTPlugin.ocx _Marshaled_pUnk Code Execution
2010-09-20 00:00:00
prion
prion
Null pointer dereference
2010-08-31 20:00:00
canvas
canvas
Immunity Canvas: QUICK_PUNK
2010-08-31 20:00:00
openvas
openvas
Apple QuickTime Remote Code Execution Vulnerability
2010-09-03 00:00:00
Apple QuickTime RCE Vulnerability
2010-09-03 00:00:00
nvd
nvd
CVE-2010-1818
2010-08-31 20:00:01
packetstorm
packetstorm
Apple QuickTime 7.6.7 _Marshaled_pUnk Code Execution
2010-08-30 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple QuickTime QTPlugin.ocx _Marshaled_pUnk Code Execution (CVE-2010-1818)
2010-09-13 00:00:00
cvelist
cvelist
CVE-2010-1818
2010-08-31 19:25:00
nessus
nessus
QuickTime < 7.6.8 Multiple Vulnerabilities (Windows)
2010-09-16 00:00:00
QuickTime < 7.6.8 Multiple Vulnerabilities (Windows) (deprecated)
2010-09-16 00:00:00
QuickTime < 7.6.8 Multiple Vulnerabilities (Windows)
2010-09-16 00:00:00