Zero Day Initiative Advisory 10-035 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in QuickTimeMPEG.qtx and results when QuickTime attempts to parse a malformed ‘genl’ atom that may be present in any QuickTime media file. A heap overflow is caused when QuickTime fails to perform proper bounds checking on the amount of data copied to the heap by a set of nested loops which can result in arbitrary code execution.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/87992/ZDI-10-035.txt
Source: https://packetstormsecurity.com/files/87992/Zero-Day-Initiative-Advisory-10-035.html