Reported May 02, 2004, by eEye Digital Security
A vulnerability in Apple QuickTime 6.5 and Apple iTunes 18.104.22.168 could let a remote attacker reliably overwrite heap memory with user-controlled data and execute arbitrary code within the SYSTEM context. This specific flaw exists within the quicktime.qts file, through which many applications access QuickTime's functionality. Specially crafting atoms within a movie file triggers a direct heap overwrite, which makes reliable code execution possible.
Apple has released a patch for this vulnerability, which is available through the Updates section of the affected application.
Discovered by eEye Digital Security.