CVE-2010-1818

Apple QuickTime <7.6.8 - RCE

Title source: llm

Description

The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/16589

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Ruben Santamarta · textdoswindows

https://www.exploit-db.com/exploits/14843

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by Ruben Santemarta, jduck · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb

View Code ZIP pw:eip

References (6)

[Vendor Advisory] http://lists.apple.com/archives/security-announce/2010/Sep/msg00003.html

[Exploit, Permissions Required] http://reversemode.com/index.php?option=com_content&task=view&id=69&Itemid=1

[Vendor Advisory] http://support.apple.com/kb/ht4339

[Broken Link, Not Applicable] http://threatpost.com/en_us/blogs/new-remote-flaw-apple-quicktime-bypasses-aslr-and-dep-083010

[Broken Link, Not Applicable] https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7523

Scores

EPSS 0.7714

EPSS Percentile 99.0%

Details

CWE

CWE-824

Status published

Products (47)

apple/quicktime 6.0

apple/quicktime 6.0.0

apple/quicktime 6.0.1

apple/quicktime 6.0.2

apple/quicktime 6.1

apple/quicktime 6.1.0

apple/quicktime 6.1.1

apple/quicktime 6.2.0

apple/quicktime 6.3.0

apple/quicktime 6.4.0

... and 37 more

Published Aug 31, 2010

Tracked Since Feb 18, 2026