Old Apple QuickTime code puts IE users in harm's way
Apple's failure to clean up old code in QuickTime leaves people running Internet Explorer (IE) vulnerable to drive-by attacks, a Spanish security researcher said today. Ruben Santamarta, a researcher at Madrid-based Wintercore who revealed a bug in IE8 last month, today outlined the QuickTime plug-in vulnerability. Hackers only need to dupe users into visiting a malicious site hosting exploit code, said Santamarta, who added that his attack code works when someone browses with IE on a machine running Windows XP, Vista or Windows 7 that has QuickTime 7.x or the older QuickTime 6.x installed. Santamarta's exploit works because Apple didn't tidy up QuickTime's code after developers dropped the "_Marshaled_pUnk" function.