Zero Day Initiative Advisory 10-045 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of MPEG content. Upon reading a field used for compression within a ‘genl’ atom in the movie container, the application will decompress outside the boundary of an allocated buffer. Successful exploitation can lead to code execution under the context of the application.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/88002/ZDI-10-045.txt
Source: https://packetstormsecurity.com/files/88002/Zero-Day-Initiative-Advisory-10-045.html