Month of Apple Bugs has begun / QuickTime Vulnerability (Affects Windows & OSX)
http://projects.info-pull.com/moab/MOAB-01-01-2007.html
Details from the bulletin are below.
Summary:
A vulnerability exists in the handling of the rtsp:// URL handler.
By supplying a specially crafted string (rtsp:// [random] + semicolon + [299 bytes padding + payload]),
an attacker could overflow a stack-based buffer, using either HTML, JavaScript or a QTL
file as an attack vector, leading to an exploitable remote arbitrary code execution condition.
Affected versions:
This issue has been successfully exploited in
QuickTime™ Version 7.1.3, Player Version 7.1.3. Previous versions should be vulnerable as well.
Both Microsoft Windows and Mac OS X versions are affected.
Workaround or temporary solution:
The only potential workaround would be to disable the rtsp:// URL handler, uninstall
QuickTime, or simply live with the feeling of being a potential target for pwnage.
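
For anyone filtering content at a proxy or mail gateway, the URL shape described in the summary can be flagged with a simple length check. This is an added example, not part of the bulletin; the 256-byte threshold, the function name and the sample documents are assumptions made here.

```python
import re
from urllib.parse import unquote

# Assumption: flag tails at or above this many bytes after the first ';'.
# The bulletin cites 299 bytes of padding; the margin below that is chosen here.
MAX_AFTER_SEMICOLON = 256

# rtsp:// URL as it may appear in HTML attributes, JavaScript strings or QTL files.
RTSP_URL = re.compile(r"rtsp://[^\s\"'<>]+", re.IGNORECASE)


def suspicious_rtsp_urls(content, limit=MAX_AFTER_SEMICOLON):
    """Return (url_prefix, tail_length) for rtsp:// URLs with an oversized tail after ';'."""
    hits = []
    for match in RTSP_URL.finditer(content):
        # Decode percent-encoding first, otherwise "%3B" would hide the semicolon.
        url = unquote(match.group(0))
        _, sep, tail = url[len("rtsp://"):].partition(";")
        tail_len = len(tail.encode("utf-8", "replace"))
        if sep and tail_len >= limit:
            hits.append((url[:40], tail_len))  # truncate the URL for logging
    return hits


# Constructed samples: filler characters only, no payload.
SAMPLE_FLAGGED = (
    '<embed src="rtsp://media.example/stream;' + "A" * 299 + '">\n'
    '<?quicktime type="application/x-quicktime-media-link"?>\n'
    '<embed src="rtsp://media.example/a%3B' + "B" * 300 + '" />\n'
)
SAMPLE_BENIGN = (
    '<a href="rtsp://media.example/live;seq=1">stream</a>\n'
    '<a href="rtsp://media.example/' + "c" * 400 + '">long path, no semicolon</a>\n'
)

if __name__ == "__main__":
    for prefix, length in suspicious_rtsp_urls(SAMPLE_FLAGGED):
        print(f"flagged: {prefix}... ({length} bytes after ';')")
    print("benign hits:", suspicious_rtsp_urls(SAMPLE_BENIGN))
```

URLs that JavaScript assembles at run time by string concatenation never appear whole in the page source, so a static scan like this will miss them.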