Status Tracking Note JVNTR-2010-26

Apple Quicktime Updates for Multiple Vulnerabilities (CVE-2010-1818, JVNVU#997815)

Overview

There are multiple vulnerabilities in Apple Quicktime. Apple has released updates to address these vulnerabilities.
Event Information





Date (UTC)Description



2010-09-16 16:00
US-CERT
 Apple Releases QuickTime 7.6.8

US-CERT Current Activity

Public notification for "Security Advisory (HT4339) ".




2010-09-15
Apple
 HT4339: About the security content of QuickTime 7.6.8

Security Update (CVE-2010-1818) released.: QuickTime 7.6.8




2010-08-31 18:15
Zero Day Initiative (ZDI)
 ZDI-10-168: Apple QuickTime ActiveX _Marshaled_pUnk Remote Code Execution Vulnerability

Vulnerability disclosure.




2010-08-31 17:55
Metasploit Project
 Apple QuickTime 7.6.7 _Marshaled_pUnk Code Execution

Vulnerability proof-of-concept code has been posted.

Metasploit Penetration Testing Framework




2010-08-30 18:21
Symantec
 ThreatCON (1) => (1)

Vulnerability has been reported.

A previously unknown, unpatched vulnerability has been reported affecting Apple QuickTime. Affected users may wish to disable the affected component until fixes are available.




2010-08-30 15:13

 [0day] Apple QuickTime "_Marshaled_pUnk" backdoor param client-side arbitrary code execution

Vulnerability related information posted to Web site.




2010-06-30
Zero Day Initiative (ZDI)
 ZDI-10-168: Apple QuickTime ActiveX _Marshaled_pUnk Remote Code Execution Vulnerability

Vulnerability reported to vendor.













 Reference















Date first published (UTC): 2010-09-23T02:18+00:00


Date last updated (UTC): 2010-09-23T02:18+00:00









        
          Valid HTML 4.01!