Apple has released Security Update 2007-001 to correct a buffer overflow vulnerability in Apple QuickTime. The flaw is in the way that QuickTime handles Real Time Streaming Protocol (RTSP) URL strings. By persuading a user to access a specially crafted QuickTime file, a remote attacker may be able to execute arbitrary code or cause a denial of service on a vulnerable system. US-CERT is also aware of publicly available proof-of-concept code that exploits this vulnerability.

http://www.us-cert.gov/current/current_activity.html#apup0701