Vulnerability-Lookup

CVE-2010-1818 (GCVE-0-2010-1818)

Vulnerability from cvelistv5 – Published: 2010-08-31 19:25 – Updated: 2024-08-07 01:35

Summary

The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer.

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

Tags

	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://www.metasploit.com/redmine/projects/frame…	x_refsource_MISC
	http://reversemode.com/index.php?option=com_conte…	x_refsource_MISC
	http://threatpost.com/en_us/blogs/new-remote-flaw…	x_refsource_MISC
	http://support.apple.com/kb/ht4339	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:35:53.749Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:7523",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7523"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://reversemode.com/index.php?option=com_content\u0026task=view\u0026id=69\u0026Itemid=1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://threatpost.com/en_us/blogs/new-remote-flaw-apple-quicktime-bypasses-aslr-and-dep-083010"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/ht4339"
          },
          {
            "name": "APPLE-SA-2010-09-15-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010/Sep/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-08-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-26T13:57:02.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:7523",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7523"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://reversemode.com/index.php?option=com_content\u0026task=view\u0026id=69\u0026Itemid=1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://threatpost.com/en_us/blogs/new-remote-flaw-apple-quicktime-bypasses-aslr-and-dep-083010"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/ht4339"
        },
        {
          "name": "APPLE-SA-2010-09-15-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010/Sep/msg00003.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2010-1818",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:7523",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7523"
            },
            {
              "name": "https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb",
              "refsource": "MISC",
              "url": "https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb"
            },
            {
              "name": "http://reversemode.com/index.php?option=com_content\u0026task=view\u0026id=69\u0026Itemid=1",
              "refsource": "MISC",
              "url": "http://reversemode.com/index.php?option=com_content\u0026task=view\u0026id=69\u0026Itemid=1"
            },
            {
              "name": "http://threatpost.com/en_us/blogs/new-remote-flaw-apple-quicktime-bypasses-aslr-and-dep-083010",
              "refsource": "MISC",
              "url": "http://threatpost.com/en_us/blogs/new-remote-flaw-apple-quicktime-bypasses-aslr-and-dep-083010"
            },
            {
              "name": "http://support.apple.com/kb/ht4339",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/ht4339"
            },
            {
              "name": "APPLE-SA-2010-09-15-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010/Sep/msg00003.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2010-1818",
    "datePublished": "2010-08-31T19:25:00.000Z",
    "dateReserved": "2010-05-06T00:00:00.000Z",
    "dateUpdated": "2024-08-07T01:35:53.749Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-H498-WHQR-Q683

Vulnerability from github – Published: 2022-05-17 00:48 – Updated: 2022-05-17 00:48

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-1818"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-08-31T20:00:00Z",
    "severity": "HIGH"
  },
  "details": "The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer.",
  "id": "GHSA-h498-whqr-q683",
  "modified": "2022-05-17T00:48:03Z",
  "published": "2022-05-17T00:48:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1818"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7523"
    },
    {
      "type": "WEB",
      "url": "https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010/Sep/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://reversemode.com/index.php?option=com_content\u0026task=view\u0026id=69\u0026Itemid=1"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/ht4339"
    },
    {
      "type": "WEB",
      "url": "http://threatpost.com/en_us/blogs/new-remote-flaw-apple-quicktime-bypasses-aslr-and-dep-083010"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2010-1818

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-1818

Aliases

CVE-2010-1818

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-1818",
    "description": "The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer.",
    "id": "GSD-2010-1818",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2010-1818"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-1818"
      ],
      "details": "The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer.",
      "id": "GSD-2010-1818",
      "modified": "2023-12-13T01:21:32.034865Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2010-1818",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "oval:org.mitre.oval:def:7523",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7523"
          },
          {
            "name": "https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb",
            "refsource": "MISC",
            "url": "https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb"
          },
          {
            "name": "http://reversemode.com/index.php?option=com_content\u0026task=view\u0026id=69\u0026Itemid=1",
            "refsource": "MISC",
            "url": "http://reversemode.com/index.php?option=com_content\u0026task=view\u0026id=69\u0026Itemid=1"
          },
          {
            "name": "http://threatpost.com/en_us/blogs/new-remote-flaw-apple-quicktime-bypasses-aslr-and-dep-083010",
            "refsource": "MISC",
            "url": "http://threatpost.com/en_us/blogs/new-remote-flaw-apple-quicktime-bypasses-aslr-and-dep-083010"
          },
          {
            "name": "http://support.apple.com/kb/ht4339",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/ht4339"
          },
          {
            "name": "APPLE-SA-2010-09-15-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010/Sep/msg00003.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2010-1818"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-824"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb",
              "refsource": "MISC",
              "tags": [
                "Broken Link",
                "Not Applicable"
              ],
              "url": "https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb"
            },
            {
              "name": "http://threatpost.com/en_us/blogs/new-remote-flaw-apple-quicktime-bypasses-aslr-and-dep-083010",
              "refsource": "MISC",
              "tags": [
                "Broken Link",
                "Not Applicable"
              ],
              "url": "http://threatpost.com/en_us/blogs/new-remote-flaw-apple-quicktime-bypasses-aslr-and-dep-083010"
            },
            {
              "name": "http://reversemode.com/index.php?option=com_content\u0026task=view\u0026id=69\u0026Itemid=1",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Permissions Required"
              ],
              "url": "http://reversemode.com/index.php?option=com_content\u0026task=view\u0026id=69\u0026Itemid=1"
            },
            {
              "name": "APPLE-SA-2010-09-15-1",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010/Sep/msg00003.html"
            },
            {
              "name": "http://support.apple.com/kb/ht4339",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/ht4339"
            },
            {
              "name": "oval:org.mitre.oval:def:7523",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7523"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-09-27T01:29Z",
      "publishedDate": "2010-08-31T20:00Z"
    }
  }
}

CERTA-2010-ALE-013

Vulnerability from certfr_alerte - Published: 2010-08-31 - Updated: 2010-09-17

Une vulnérabilité non-corrigée dans le contrôle ActiveX Apple QuickTime permet à un utilisateur distant malintentionné d'exécuter du code arbitraire.

Description

Une vulnérabilité non-corrigée dans le contrôle ActiveX QuickTime (QTPlugin.ocx) permet à une personne distante malintentionnée d'exécuter du code arbitraire via une page web spécialement construite.

Le problème résidant dans le contrôle ActiveX QuickTime, l'exploitation n'est possible, à ce jour, que via le navigateur Internet Explorer.

Le savoir-faire nécessaire pour exploiter cette vulnérabilité est d'ores et déjà disponible sur l'Internet.

Contournement provisoire

Afin de limiter l'impact lié à l'exploitation de cette vulnérabilité, les contournements décrits ci-dessous, non exhaustifs, peuvent être appliqués.

Remarque : la mise en œuvre de ces contournements de sécurité peut avoir des effets de bord sur l'activité du système. Il est important de les tester avant tout déploiement.

Renommer, supprimer, ou retirer les droits d'accès du fichier suivant :

C:\Program Files\QuickTime\QTPlugin.ocx

désactiver le chargement du contrôle ActiveX dans Internet Explorer :

Positionner la valeur Compatibility Flags comme décrit ci-dessous :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}]
``Compatibility Flags''=dword:00000400

Solution

Cette vulnérabilité est corrigée dans la version 7.6.8 de QuickTime. Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple QuickTime versions 7.6.7 et antérieures sur plateforme Windows.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Avis CERTA-2010-AVI-441 :	-	other
Bulletin de sécurité Apple HT4339 du 15 septembre 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eApple QuickTime versions 7.6.7 et  ant\u00e9rieures sur plateforme Windows.\u003c/p\u003e",
  "closed_at": "2010-09-17",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 non-corrig\u00e9e dans le contr\u00f4le ActiveX QuickTime\n(QTPlugin.ocx) permet \u00e0 une personne distante malintentionn\u00e9e d\u0027ex\u00e9cuter\ndu code arbitraire via une page web sp\u00e9cialement construite.\n\nLe probl\u00e8me r\u00e9sidant dans le contr\u00f4le ActiveX QuickTime, l\u0027exploitation\nn\u0027est possible, \u00e0 ce jour, que via le navigateur Internet Explorer.\n\nLe savoir-faire n\u00e9cessaire pour exploiter cette vuln\u00e9rabilit\u00e9 est d\u0027ores\net d\u00e9j\u00e0 disponible sur l\u0027Internet.\n\n## Contournement provisoire\n\nAfin de limiter l\u0027impact li\u00e9 \u00e0 l\u0027exploitation de cette vuln\u00e9rabilit\u00e9,\nles contournements d\u00e9crits ci-dessous, non exhaustifs, peuvent \u00eatre\nappliqu\u00e9s.\n\nRemarque : la mise en \u0153uvre de ces contournements de s\u00e9curit\u00e9 peut avoir\ndes effets de bord sur l\u0027activit\u00e9 du syst\u00e8me. Il est important de les\ntester avant tout d\u00e9ploiement.\n\n-   Renommer, supprimer, ou retirer les droits d\u0027acc\u00e8s du fichier\n    suivant :\n\n    \u003cspan\n    class=\"small\"\u003e`C:\\Program      Files\\QuickTime\\QTPlugin.ocx`\u003c/span\u003e\n\n-   d\u00e9sactiver le chargement du contr\u00f4le ActiveX dans Internet Explorer\n    :\n\n    Positionner la valeur Compatibility Flags comme d\u00e9crit ci-dessous :\n\n        [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\\n        {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}]\n        ``Compatibility Flags\u0027\u0027=dword:00000400\n\n## Solution\n\nCette vuln\u00e9rabilit\u00e9 est corrig\u00e9e dans la version 7.6.8 de QuickTime. Se\nr\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-1818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1818"
    }
  ],
  "initial_release_date": "2010-08-31T00:00:00",
  "last_revision_date": "2010-09-17T00:00:00",
  "links": [
    {
      "title": "Avis CERTA-2010-AVI-441 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-AVI-441/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4339 du 15 septembre 2010 :",
      "url": "http://support.apple.com/kb/HT4339"
    }
  ],
  "reference": "CERTA-2010-ALE-013",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-08-31T00:00:00.000000"
    },
    {
      "description": "publication du correctif.",
      "revision_date": "2010-09-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 non-corrig\u00e9e dans le contr\u00f4le ActiveX Apple QuickTime\npermet \u00e0 un utilisateur distant malintentionn\u00e9 d\u0027ex\u00e9cuter du code\narbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans le contr\u00f4le ActiveX Apple QuickTime",
  "vendor_advisories": []
}

FKIE_CVE-2010-1818

Vulnerability from fkie_nvd - Published: 2010-08-31 20:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2010/Sep/msg00003.html	Vendor Advisory
product-security@apple.com	http://reversemode.com/index.php?option=com_content&task=view&id=69&Itemid=1	Exploit, Permissions Required
product-security@apple.com	http://support.apple.com/kb/ht4339	Vendor Advisory
product-security@apple.com	http://threatpost.com/en_us/blogs/new-remote-flaw-apple-quicktime-bypasses-aslr-and-dep-083010	Broken Link, Not Applicable
product-security@apple.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7523
product-security@apple.com	https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb	Broken Link, Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010/Sep/msg00003.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://reversemode.com/index.php?option=com_content&task=view&id=69&Itemid=1	Exploit, Permissions Required
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/ht4339	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://threatpost.com/en_us/blogs/new-remote-flaw-apple-quicktime-bypasses-aslr-and-dep-083010	Broken Link, Not Applicable
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7523
af854a3a-2127-422b-91ae-364da2661108	https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb	Broken Link, Not Applicable

Impacted products

Vendor	Product	Version
apple	quicktime	6.0
apple	quicktime	6.0.0
apple	quicktime	6.0.1
apple	quicktime	6.0.2
apple	quicktime	6.1
apple	quicktime	6.1.0
apple	quicktime	6.1.1
apple	quicktime	6.2.0
apple	quicktime	6.3.0
apple	quicktime	6.4.0
apple	quicktime	6.5
apple	quicktime	6.5.0
apple	quicktime	6.5.1
apple	quicktime	6.5.2
apple	quicktime	7.0
apple	quicktime	7.0.0
apple	quicktime	7.0.1
apple	quicktime	7.0.2
apple	quicktime	7.0.3
apple	quicktime	7.0.4
apple	quicktime	7.1
apple	quicktime	7.1.0
apple	quicktime	7.1.1
apple	quicktime	7.1.2
apple	quicktime	7.1.3
apple	quicktime	7.1.4
apple	quicktime	7.1.5
apple	quicktime	7.1.6
apple	quicktime	7.2
apple	quicktime	7.2.0
apple	quicktime	7.2.1
apple	quicktime	7.3
apple	quicktime	7.3.0
apple	quicktime	7.3.1
apple	quicktime	7.3.1.70
apple	quicktime	7.4
apple	quicktime	7.4.0
apple	quicktime	7.4.1
apple	quicktime	7.4.5
apple	quicktime	7.5.0
apple	quicktime	7.5.5
apple	quicktime	7.6.0
apple	quicktime	7.6.1
apple	quicktime	7.6.2
apple	quicktime	7.6.5
apple	quicktime	7.6.6
apple	quicktime	7.6.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "80747BDD-70E9-4E74-896F-C79D014F1B2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A4C6772-CD24-46FD-AEBE-BF8BB16B5BB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85ADED98-62C6-4961-894C-1D26E3B3EE5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F522CEA4-B3BB-4C94-B070-6679EEA43439",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA1E140B-BCB4-4B3C-B287-E9E944E08DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B630944-F838-4C02-90D4-F5EB2A073CA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9066C81B-A69F-450D-8606-5E29AF1AD286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "71285AD2-3966-4817-B630-8335BE985D56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2458480E-F222-452A-AB21-933F924F8F6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30C83A78-6BB9-443E-B508-CC6F8D157A6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C7CB5C4-9A5A-4831-8FFD-0D261619A7DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61463F4F-BBE0-42AA-AC22-8F39E94EB520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2CE0B67-0794-472D-A2C0-CC5CA0E36370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A5DDF47-5AA5-4EE3-B12D-9218F528EFE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F075BA0F-4A96-4F25-AF1D-C64C7DCE1CDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F43E39C4-6A08-4C38-BC7D-573F40978527",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8692B488-129A-49EA-AF84-6077FCDBB898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1758610B-3789-489E-A751-386D605E5A08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B535737C-BF32-471C-B26A-588632FCC427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF2C61F8-B376-40F9-8677-CADCC3295915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6254BB56-5A25-49DC-A851-3CCA249BD71D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0E0EA8-2947-44F9-BCFA-F4CFA34E9EFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "795E3354-7824-4EF4-A788-3CFEB75734E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9419A1E9-A0DA-4846-8959-BE50B53736E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "952A8015-B18B-481C-AC17-60F0D7EEE085",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E518B27-A79B-43A4-AFA6-E59EF8E944D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEC6EF36-93B3-49BB-9A6F-1990E3F4170E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A1B5F2F-CDBF-4AEF-9F78-0C010664B9E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "98C9B657-5484-4458-861E-D6FB5019265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B84D320E-ACA2-4B6E-B682-00202B9ADF2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81E0F160-4B70-45CD-B8AC-AB30ADDB8D2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF20D38-BFA3-4403-AB24-7B74EFD68229",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "97FEBA83-C845-4334-9B9A-921BA0F44DE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2CE2A89-B2FC-413D-A059-526E6DE301BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9F7DCE-EE65-4CD5-AA21-208B2AAF09EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "31662D02-7FA9-4FAD-BE49-194B7295CEE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0C835F2-4F9E-45A6-8112-C2D8CB1A39AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8461AF0A-D4D3-4010-A881-EDBB95003083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C8E5C77-573F-4EA3-A59C-4A7B11946E93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C6E08BF-737E-4512-9BB8-5B4B03A2F8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D22D0674-0EC7-4176-97FB-940F2F7D6AFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A6470EC-B72B-404C-9E69-03C3FEFD56F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA3FB6BA-D0FA-4DC3-8A4D-453C2EE51D09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "58F5F530-033D-49D8-ABD5-F4285DA7DA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A0A9EC6-9531-4024-8325-DD9318653AE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDB11E0-3853-4C93-AC64-599A1A3606CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C2A95FA-0C02-45AD-B9C0-AB6310DAD5B2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n IPersistPropertyBag2::Read en QTPlugin.ocx en Apple QuickTime 6.x, 7.x y otras versiones permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del atributo _Marshaled_pUnk, lo que provoca que deserialice un puntero no confiable."
    }
  ],
  "id": "CVE-2010-1818",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-08-31T20:00:01.420",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010/Sep/msg00003.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Exploit",
        "Permissions Required"
      ],
      "url": "http://reversemode.com/index.php?option=com_content\u0026task=view\u0026id=69\u0026Itemid=1"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/ht4339"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Broken Link",
        "Not Applicable"
      ],
      "url": "http://threatpost.com/en_us/blogs/new-remote-flaw-apple-quicktime-bypasses-aslr-and-dep-083010"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7523"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Broken Link",
        "Not Applicable"
      ],
      "url": "https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010/Sep/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Permissions Required"
      ],
      "url": "http://reversemode.com/index.php?option=com_content\u0026task=view\u0026id=69\u0026Itemid=1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/ht4339"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Not Applicable"
      ],
      "url": "http://threatpost.com/en_us/blogs/new-remote-flaw-apple-quicktime-bypasses-aslr-and-dep-083010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7523"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Not Applicable"
      ],
      "url": "https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-824"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2010-AVI-441

Vulnerability from certfr_avis - Published: 2010-09-17 - Updated: 2010-09-17

Deux vulnérabilités dans QuickTime permettent l'exécution de code arbitraire à distance.

Description

Deux vulnérabilités ont été découvertes dans QuickTime :

un paramètre spécifique passé au contrôle ActiveX QTPlugin.ocx permet l'exécution de code arbitraire à distance (CVE-2010-1818). Cette vulnérabilité avait fait l'objet de l'alerte CERTA-2010-ALE-013 ;
un problème lors de la recherche de bibliothèques dynamiques dans QuickTime Picture Viewer permet l'exécution de code arbitraire à distance (CVE-2010-1819).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

QuickTime versions 7.6.7 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4339 du 15 septembre 2010	None	vendor-advisory
Alerte CERTA-2010-ALE-013 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003e\u003cSPAN class=\"textit\"\u003eQuickTime\u003c/SPAN\u003e versions 7.6.7 et  ant\u00e9rieures.\u003c/P\u003e",
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans QuickTime :\n\n-   un param\u00e8tre sp\u00e9cifique pass\u00e9 au contr\u00f4le ActiveX QTPlugin.ocx\n    permet l\u0027ex\u00e9cution de code arbitraire \u00e0 distance (CVE-2010-1818).\n    Cette vuln\u00e9rabilit\u00e9 avait fait l\u0027objet de l\u0027alerte\n    CERTA-2010-ALE-013 ;\n-   un probl\u00e8me lors de la recherche de biblioth\u00e8ques dynamiques dans\n    QuickTime Picture Viewer permet l\u0027ex\u00e9cution de code arbitraire \u00e0\n    distance (CVE-2010-1819).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-1818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1818"
    },
    {
      "name": "CVE-2010-1819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1819"
    }
  ],
  "initial_release_date": "2010-09-17T00:00:00",
  "last_revision_date": "2010-09-17T00:00:00",
  "links": [
    {
      "title": "Alerte CERTA-2010-ALE-013 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-ALE-013/"
    }
  ],
  "reference": "CERTA-2010-AVI-441",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-09-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eQuickTime\u003c/span\u003e\npermettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans QuickTime",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4339 du 15 septembre 2010",
      "url": "http://support.apple.com/kb/HT4339"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-1818 (GCVE-0-2010-1818)

GHSA-H498-WHQR-Q683

GSD-2010-1818

CERTA-2010-ALE-013

Description

Contournement provisoire

Solution

FKIE_CVE-2010-1818

CERTA-2010-AVI-441

Description

Solution

Tags

Sightings

Nomenclature