Here we go again …
Vulnerability researcher Luigi Auriemma has reported an Apple QuickTime flaw attackers could exploit to hijack targeted machines.
The problem is a boundary error in how RTSP replies are handled; it can be exploited to cause a buffer overflow by sending a specially crafted reply containing an overly long “Reason-Phrase.” From there, the attacker could trick the user into opening a malicious .qtl file or visiting a malicious Web site.
The vulnerability is reported in version 18.104.22.168.
Danish vulnerability clearinghouse Secunia recommends users avoid untrusted Web sites and .qtl files.
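For developers who parse RTSP replies themselves, here is an added example (not from the advisory or from Apple's code) of a status-line parser that checks the Reason-Phrase length before copying it. The `RTSP/1.0 SP Status-Code SP Reason-Phrase CRLF` layout follows RFC 2326; the 64-byte cap, the struct and the function name are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed cap for this example; the page gives no buffer size. */
#define REASON_MAX 64

struct rtsp_status {
    int  code;
    char reason[REASON_MAX + 1];
};

/* Parse "RTSP/1.0 SP 3DIGIT SP Reason-Phrase CRLF" from buf[0..len).
 * Returns 0 on success, -1 if malformed, -2 if the Reason-Phrase exceeds
 * REASON_MAX (rejected outright, nothing is copied). */
int parse_rtsp_status(const char *buf, size_t len, struct rtsp_status *out)
{
    static const char ver[] = "RTSP/1.0 ";
    const size_t vlen = sizeof ver - 1;
    size_t i, start = vlen + 4, rlen;

    if (len < start || memcmp(buf, ver, vlen) != 0)
        return -1;
    for (i = vlen; i < vlen + 3; i++)
        if (!isdigit((unsigned char)buf[i]))
            return -1;
    if (buf[vlen + 3] != ' ')
        return -1;
    /* Scan for CR inside the received bytes only, never past len. */
    for (i = start; i < len && buf[i] != '\r'; i++)
        ;
    if (i + 1 >= len || buf[i + 1] != '\n')
        return -1;
    rlen = i - start;
    if (rlen > REASON_MAX)   /* length check precedes the copy */
        return -2;
    out->code = (buf[vlen] - '0') * 100 + (buf[vlen + 1] - '0') * 10 + (buf[vlen + 2] - '0');
    memcpy(out->reason, buf + start, rlen);
    out->reason[rlen] = '\0';
    return 0;
}

int main(void)
{
    const char line[] = "RTSP/1.0 404 Not Found\r\n"; /* constructed sample */
    struct rtsp_status st;
    int rc = parse_rtsp_status(line, sizeof line - 1, &st);
    printf("rc=%d reason=%s\n", rc, rc == 0 ? st.reason : "-");
    return rc;
}
```

Rejecting an oversized phrase, rather than truncating it, also gives the caller a distinct return code it can log when a server sends an abnormal reply.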