Apple's failure to clean up old code in QuickTime leaves people running Internet Explorer (IE) vulnerable to drive-by attacks, a Spanish security researcher said today.Ruben Santamarta, a researcher at Madrid-based Wintercore who revealed a bug in IE8 last month, today outlined the QuickTime plug-in vulnerability. Hackers only need to dupe users into visiting a malicious site hosting exploit code, said Santamarta, who added that his attack code works when someone browses with IE on a machine running Windows XP, Vista or Windows 7 that has QuickTime 7.x or the older QuickTime 6.x installed.Santamarta's exploit works because Apple didn't tidy up QuickTime's code after developers dropped the "_Marshaled_pUnk" function.

**Hidden Content: Check the thread to see hidden data.**