Better late than never?

Oct 4, 2007 08:38 GMT

It's all about QuickTime 7.2! More than a year ago, a vulnerability in the program was disclosed by researcher Petko Petkov (who posted it on his blog). The flaw got completely ignored. That is, until now: seeing that Apple didn't care much for his disclosure, Mr. Petkov posted a proof of concept so that these guys would take the issue more seriously. And it seems that his tactic worked, since Apple has just released a patch to fix the vulnerability.

The flaw could have caused serious problems. Should a user view a maliciously crafted QTL file, this could have led to arbitrary code execution. QTLs are files that "tell" the program which files should be played and how to play them.

As seen on Apple's website, a command injection issue exists in QuickTime's handling of URLs in the qtnext field in QTL files. By enticing a user to open a specially crafted QTL file, an attacker may cause an application to be launched with controlled command line arguments, which may lead to arbitrary code execution. This update addresses the issue through improved handling of URLs. This issue does not affect Mac OS X, but it does affect Windows Vista and XP SP2.
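For anyone who needs to triage QTL files on an unpatched machine, here is a small audit script that flags `qtnext` values that are not plain media URLs. It is an added example, not code from Apple or from the researcher; the `<embed>` layout of the sample files, the allow-listed schemes and the `media.example.com` host are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Assumption: schemes a media link would legitimately point at.
ALLOWED_SCHEMES = {"http", "https", "rtsp"}

def check_url(value):
    """Return a reason string if value is not a plain allow-listed URL, else None."""
    if value.startswith("-"):
        return "starts with '-' (would be read as a command-line option)"
    if any(c.isspace() for c in value):
        return "contains whitespace (could split into extra arguments)"
    try:
        parts = urlsplit(value)
    except ValueError:
        return "not parseable as a URL"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return f"scheme {parts.scheme!r} is not allow-listed"
    if not parts.netloc:
        return "no host component"
    return None

def audit_qtnext(qtl_text):
    """Return (attribute, value, reason) for every suspicious qtnext attribute."""
    # Untrusted XML: refuse DTDs up front to avoid entity-expansion tricks.
    if "<!DOCTYPE" in qtl_text.upper():
        return [("", "", "DOCTYPE present, refusing to parse untrusted XML")]
    try:
        root = ET.fromstring(qtl_text)
    except ET.ParseError as exc:
        return [("", "", f"unparseable QTL: {exc}")]
    findings = []
    for elem in root.iter():
        for name, value in elem.attrib.items():
            if name.lower().startswith("qtnext"):
                reason = check_url(value)
                if reason:
                    findings.append((name, value, reason))
    return findings

# Constructed samples (not taken from any real file or proof of concept).
HEADER = '<?xml version="1.0"?><?quicktime type="application/x-quicktime-media-link"?>'
BENIGN = HEADER + '<embed src="a.mov" qtnext="http://media.example.com/next.mov"/>'
SUSPECT = HEADER + '<embed src="a.mov" qtnext="-constructed-option placeholder"/>'

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, audit_qtnext(doc))
```

A flagged file is only a candidate for closer inspection; installing the vendor update remains the actual fix.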

You can download the patch here and read the discussion about this type of flaw/exploit here. To be frank, I am quite surprised that Apple did not address this issue earlier, and it's really sad to see that a vendor doesn't give a damn about a security issue until a proof of concept pops up, showing how severe an exploit could be! But in any case it's better late than never. I advise you to update as fast as possible, since this is just one of those low-risk issues that, if left unattended, could cause high-risk attacks. And you don't want that to happen, do you?