^ Thanks for sharing ... Blog post with additional links below:

QuickTime and possibly iTunes processing could be affected by malformed RTSP headers found in QT music formats. Users should be careful with email attachments and website visitation, plus watch for any forthcoming QT updates, as Apple will most likely patch this serious vulnerability promptly.

Apple QuickTime and iTunes Critical Vulnerabilities

Apple QuickTime contains a stack buffer overflow vulnerability in the way QuickTime handles the RTSP Content-Type header. This vulnerability may be exploited by convincing a user to connect to a specially crafted RTSP stream. Note that QuickTime is a component of Apple iTunes, therefore iTunes installations are also affected by this vulnerability. We are aware of publicly available exploit code for this vulnerability.

ISC UPDATE-1: We have received a report that exploits are now working for Vista, XP, IE6, IE7, and Safari 3.0 on Windows. Keep in mind that other attack vectors may be vulnerable as well.

ISC UPDATE-2: Firefox has been reported as an exploit vector as well.