Zero Day Initiative Advisory 09-025 – This vulnerability allows attackers to execute arbitrary code on vulnerable installations of QuickTime Player. User interaction is required to exploit this vulnerability in that the target must either open a malicious file, or visit a malicious web page. The specific flaw exists during decompression of a delta-encoded chunk. The algorithm to decompress the frame trusts a line specifier when calculating where to write decompressed data. This results in a relative write using attacker supplied values which can lead to remove code execution under the context of the current user.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/78020/ZDI-09-025.txt
Source: https://packetstormsecurity.com/files/78020/Zero-Day-Initiative-Advisory-09-025.html