Apple QuickTime QTPlugin.ocx _Marshaled_pUnk Code Execution

Added: 09/20/2010
CVE: CVE-2010-1818
BID: 42841
OSVDB: 67705

Background

Apple QuickTime is a media player for Windows and Mac OS platforms.

Problem

An input validation error in Apple QuickTime 7.6.7 and earlier versions allows remote attackers to execute arbitrary code by enticing the user to open a specially crafted web page. The vulnerability is exploited by passing an invalid value via the _Marshaled_pUnk parameter which is used as a valid pointer by the IPersistPropertyBag2::Read function in the QTPlugin.ocx ActiveX control.

Resolution

Upgrade to Apple QuickTime Player 7.6.8 or higher.

References

http://www.zerodayinitiative.com/advisories/ZDI-10-168/

Limitations

Exploit works on Apple Quicktime 7.6.7.

The user must open the exploit page using Internet Explorer 6 or 7.

Platforms

Windows

Back to exploit index