Apple ha sacado un parche para Quicktime que parcha una vulnerabilidad que se conocía desde hace un año...

(Apple nuevamente demuestra su rapidez, desempeño, efectividad y compromiso hacia los usuarios en comparación con la competencia)

http://news.yahoo.com/s/cmp/20071005...psME3qRjojtBAF


Security Update for QuickTime 7.2

  • QuickTime
    CVE-ID: CVE-2007-4673
    Available for: QuickTime 7.2 on Windows Vista, XP SP2
    Impact: Viewing a maliciously crafted QTL file may lead to arbitrary code execution
    Description: A command injection issue exists in QuickTime's handling of URLs in the qtnext field in QTL files. By enticing a user to open a specially crafted QTL file, an attacker may cause an application to be launched with controlled command line arguments, which may lead to arbitrary code execution. This update addresses the issue through improved handling of URLs. This issue does not affect Mac OS X.

Sitio de descargas de Apple.
http://www.apple.com/support/downloads/