QwikSec

Security Database

CVE

CWE

Training

CVE-2010-1818

Published: Aug 31, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

oval:org.mitre.oval:def:7523

vdb-entry

signature

x_refsource_OVAL

https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb

x_refsource_MISC

http://reversemode.com/index.php?option=com_content&task=view&id=69&Itemid=1

x_refsource_MISC

http://threatpost.com/en_us/blogs/new-remote-flaw-apple-quicktime-bypasses-aslr-and-dep-083010

x_refsource_MISC

http://support.apple.com/kb/ht4339

x_refsource_CONFIRM

APPLE-SA-2010-09-15-1

vendor-advisory

x_refsource_APPLE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.