The video application can compromise your system

Jan 2, 2007 11:54 GMT

QuickTime is one of the most popular video applications on the internet because it lets you watch movies with ease, capture any video content, record audio podcasts, and use many other features that help you play almost any video format. The application also allows you to edit your movies easily, without the need for a specialized software solution.

Because the number of QuickTime users is enormous, you should know that the application contains a security flaw that can allow an attacker to control your computer. The vulnerability is reported in version 7.1.3.100 (Windows version) and reportedly affects both Microsoft Windows and Mac OS X versions.

Security company Secunia rated the flaw as "highly critical", saying that the vulnerability "is caused due to a boundary error when handling RTSP URLs. This can be exploited to cause a stack-based buffer overflow via a specially crafted QTL file with an overly long (more than 256 bytes) "src" parameter (e.g. "rtsp://[any character]:[>256 bytes]")."

It seems like the only solution available until the company releases an official statement is to refuse to open untrusted QTL files, which can be delivered by multiple methods.
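For defenders who need to triage QTL files before anyone opens them, the following added example (not part of the original article or of either advisory) flags any "src" attribute that uses an rtsp:// URL longer than the 256 bytes quoted by Secunia. The function names, the sample QTL layout and the choice to measure the whole attribute value are assumptions made for this illustration.

```python
import re

LIMIT = 256  # byte threshold quoted in the Secunia description

# Byte-level scan instead of an XML parser, so files that are not
# well-formed XML are still inspected rather than skipped.
SRC_ATTR = re.compile(rb'\bsrc\s*=\s*(["\'])(.*?)\1', re.I | re.S)


def suspicious_srcs(data: bytes, limit: int = LIMIT) -> list[tuple[bytes, int]]:
    """Return (truncated value, length) for each rtsp:// src longer than limit.

    Assumption: the whole attribute value is measured, which is the
    conservative reading of "overly long (more than 256 bytes) src".
    """
    hits = []
    for match in SRC_ATTR.finditer(data):
        value = match.group(2).strip()
        if value[:7].lower() != b"rtsp://":
            continue  # only RTSP URLs are named in the advisory text
        if len(value) > limit:
            hits.append((value[:32], len(value)))  # keep only a short prefix
    return hits


def verdict(data: bytes) -> str:
    """One-word triage result for a QTL file's raw bytes."""
    return "quarantine" if suspicious_srcs(data) else "pass"


# Constructed sample inputs (not taken from any real file or advisory).
BENIGN = (
    b'<?xml version="1.0"?>\n'
    b'<?quicktime type="application/x-quicktime-media-link"?>\n'
    b'<embed src="rtsp://media.example.com/clip.mov" autoplay="true" />\n'
)
OVERLONG = BENIGN.replace(b"media.example.com/clip.mov", b"a:" + b"A" * 300)
LONG_HTTP = BENIGN.replace(b"rtsp://media.example.com/clip.mov",
                           b"http://media.example.com/" + b"x" * 400)

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("overlong", OVERLONG),
                       ("long-http", LONG_HTTP)):
        print(f"{name}: {verdict(blob)} {suspicious_srcs(blob)}")
```

A "pass" result only means this one pattern is absent; it does not make an untrusted QTL file safe to open.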

The original advisory released by LMH and Kevin Finisterre said that the exploitation of the flaw requires "a working Ruby interpreter. The exploit provided will create a QTL file, which can be locally opened or served remotely via web server. The exploit source code includes notes and other comments about the different options available."

So, until the company releases an updated version of Apple QuickTime or a patch that fixes this "highly critical" security flaw, don't open untrusted video files, because the risk of exposing your system to attack is very high.