Security researcher at Secunia discovered a critical vulnerability in the latest version of Apple’s QuickTime 7 media player for Windows.
The vulnerability is caused by a boundary error in the streaming component used by QuickTime and can be used to initiate a stack-based buffer overflow. The attacker needs to create a crafted web page to exploit the vulnerability.
QuickTime 7.6.6 (build 1671), released at the end of March 2010, and there is no update patch for this vulnerability.
Please visit QuickTime Player Streaming Debug Error Logging Buffer Overflow at Secunia security advisory for more information.