Vulnerabilities > CVE-2010-1819 - Unspecified vulnerability in Apple Quicktime
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Untrusted search path vulnerability in the Picture Viewer in Apple QuickTime before 7.6.8 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) CoreVideo.dll, (2) CoreGraphics.dll, or (3) CoreAudioToolbox.dll that is located in the same folder as a .pic image file. Per: http://cwe.mitre.org/data/definitions/426.html "CWE-426: Untrusted Search Path"
Vulnerable Configurations
Nessus
NASL family | Windows |
NASL id | QUICKTIME_768.NASL |
description | The version of QuickTime installed on the remote Windows host is older than 7.6.8. Such versions are reportedly affected by two vulnerabilities : - An input validation issue in the QTPlugin.ocx ActiveX control could allow an attacker to force the application to jump to a location in memory controlled by the attacker through the optional |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 49260 |
published | 2010-09-16 |
reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/49260 |
title | QuickTime < 7.6.8 Multiple Vulnerabilities (Windows) |