Status Tracking Note JVNTR-2010-26

Apple Quicktime Updates for Multiple Vulnerabilities (CVE-2010-1818, JVNVU#997815)

Overview

There are multiple vulnerabilities in Apple Quicktime. Apple has released updates to address these vulnerabilities.
Event Information
Date (UTC)Description
2010-09-16 16:00 US-CERT
Apple Releases QuickTime 7.6.8
US-CERT Current Activity
Public notification for "Security Advisory (HT4339) ".
2010-09-15 Apple
HT4339: About the security content of QuickTime 7.6.8
Security Update (CVE-2010-1818) released.: QuickTime 7.6.8
2010-08-31 18:15 Zero Day Initiative (ZDI)
ZDI-10-168: Apple QuickTime ActiveX _Marshaled_pUnk Remote Code Execution Vulnerability
Vulnerability disclosure.
2010-08-31 17:55 Metasploit Project
Apple QuickTime 7.6.7 _Marshaled_pUnk Code Execution
Vulnerability proof-of-concept code has been posted.
Metasploit Penetration Testing Framework
2010-08-30 18:21 Symantec
ThreatCON (1) => (1)
Vulnerability has been reported.
A previously unknown, unpatched vulnerability has been reported affecting Apple QuickTime. Affected users may wish to disable the affected component until fixes are available.
2010-08-30 15:13
[0day] Apple QuickTime "_Marshaled_pUnk" backdoor param client-side arbitrary code execution
Vulnerability related information posted to Web site.
2010-06-30 Zero Day Initiative (ZDI)
ZDI-10-168: Apple QuickTime ActiveX _Marshaled_pUnk Remote Code Execution Vulnerability
Vulnerability reported to vendor.
Reference
Date first published (UTC): 2010-09-23T02:18+00:00
Date last updated (UTC): 2010-09-23T02:18+00:00
Valid HTML 4.01!