Summary
The host has Apple QuickTime installed and is prone to a remote code execution vulnerability.
Impact
Successful exploitation will allow an attacker to execute arbitrary code.
Impact Level: Application
Solution
Upgrade to version 7.6.8 or later.
For updates, refer to http://www.apple.com/quicktime/download
Insight
The flaw is due to an error in the 'IPersistPropertyBag2::Read()' function in 'QTPlugin.ocx'. It allows remote attackers to execute arbitrary code via the '_Marshaled_pUnk' attribute, which triggers unmarshaling of an untrusted pointer.
Affected
Apple QuickTime version 6.5.2 and prior
Apple QuickTime version 7.6.7 and prior on Windows.
References
- http://reversemode.com/index.php?option=com_content&task=view&id=69&Itemid=1
- http://threatpost.com/en_us/blogs/new-remote-flaw-apple-quicktime-bypasses-aslr-and-dep-083010
- https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2010-1818
- CVSS Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Related Vulnerabilities
- Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Windows)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
- Adobe Acrobat Out-of-bounds Vulnerability Feb15 (Windows)
- Adobe AIR Security Bypass Vulnerability Jan14 (Windows)
- Adobe AIR Multiple Vulnerabilities -01 Feb13 (Linux)