Hbelite

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions 6.x through 7.x before 7.6.8 **Description** The issue allows remote attackers to execute arbitrary code via the ` Marshaled pUnk` attribute, which triggers unmarshalling of an untrusted pointer. This is caused by the QuickTime ActiveX control (QTPlugin.ocx) using a value passed in the ` Marshaled pUnk` parameter as a pointer. Successful exploitation enables execution of arbitrary code. **Recommendations** For Apple QuickTime versions 6.x through 7.x before 7.6.8, update to version 7.6.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the QTPlugin.ocx ActiveX control until a patch is applied. Avoid using the ` Marshaled pUnk` parameter in affected API endpoints until the issue is resolved.