CVE-2010-1818

Name of the Vulnerable Software and Affected Versions Apple QuickTime versions 6.x through 7.x before 7.6.8

Description The issue allows remote attackers to execute arbitrary code via the Marshaled pUnk attribute, which triggers unmarshalling of an untrusted pointer. This is caused by the QuickTime ActiveX control (QTPlugin.ocx) using a value passed in the Marshaled pUnk parameter as a pointer. Successful exploitation enables execution of arbitrary code.

Recommendations For Apple QuickTime versions 6.x through 7.x before 7.6.8, update to version 7.6.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the QTPlugin.ocx ActiveX control until a patch is applied. Avoid using the Marshaled pUnk parameter in affected API endpoints until the issue is resolved.