The host is installed with Apple QuickTime before 7.7.3 and is prone to use after free vulnerability. A flaw is present in the application, which fails in plugin's handling of '_qtactivex_' parameters within a HTML object element. Successful exploitation could allow attackers to execute arbitrary code or crash the service.