QuickTime backdoor allows takeover of Windows 7 machines, ancient line of code to blame
I know there's probably an enormous codebase for QuickTime, but it's pretty crazy to think that Apple hasn't removed it in nearly 10 years of code reviews (there were code reviews, right, Apple?). The Register says that an attack module exploiting this vulnerability is on the way from security open-source community Metasploit. We'll see if Apple issues a fix for _Marshaled_pUnk, or if Apple and bunch of Windows users get punked first. Yikes!