Apple on Wednesday dropped a patch for QuickTime to fix an arbitrary code execution vulnerability.
Relative to other recent QuickTime patches, this one was small: it covers only one vulnerability, which could lead to an "unexpected application termination or arbitrary code execution" if a user visits a malicious Web site.
QuickTime 7.4.1 covers the following vulnerability (CVE-2008-0234). Here's Apple's description:
A heap buffer overflow exists in QuickTime's handling of HTTP responses when RTSP tunneling is enabled. By enticing a user to visit a maliciously crafted webpage, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.