Zero Day Initiative Advisory 09-028 – This vulnerability allows attackers to execute arbitrary code on vulnerable installations of QuickTime Player. User interaction is required to exploit this vulnerability in that the target must either open a malicious file or visit a malicious web page. The specific flaw exists during parsing of Clipping Region (CRGN) atom types in a QuickTime Movie file. During a copy operation, the application trusts the contents of the atom to contain a terminator, and it copies user-supplied data into a heap buffer until it identifies this terminator. This allows heap control structures to be overwritten, which can be leveraged to achieve code execution in the context of the application.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/78023/ZDI-09-028.txt
Source: https://packetstormsecurity.com/files/78023/Zero-Day-Initiative-Advisory-09-028.html
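The terminator-driven copy described in the advisory, written as a bounds-checked parser; this is an added example, not QuickTime's code or code from the advisory. It assumes the standard QuickTime atom header (32-bit big-endian size followed by a 4-byte type); the terminator value `REGION_TERM`, the function name and the error codes are hypothetical, since the advisory does not give them.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical terminator: the advisory does not state the real value. */
#define REGION_TERM 0x00u

enum { CRGN_OK = 0, CRGN_BAD_HEADER = -1, CRGN_NO_TERMINATOR = -2, CRGN_TOO_LARGE = -3 };

/* Flawed pattern the advisory describes (shown only as a comment):
 *     while (*src != REGION_TERM) *dst++ = *src++;
 * Neither the end of the atom nor the end of dst limits the loop. */

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Copy the payload of a 'crgn' atom up to (not including) the terminator.
 * buf/avail: bytes actually read from the file; dst/dst_cap: destination. */
int crgn_copy_checked(const uint8_t *buf, size_t avail,
                      uint8_t *dst, size_t dst_cap, size_t *out_len)
{
    if (avail < 8)
        return CRGN_BAD_HEADER;
    uint32_t atom_size = be32(buf);          /* declared size, header included */
    if (atom_size < 8 || atom_size > avail || memcmp(buf + 4, "crgn", 4) != 0)
        return CRGN_BAD_HEADER;

    const uint8_t *payload = buf + 8;
    size_t payload_len = atom_size - 8;

    /* The terminator must exist inside the atom's declared bounds. */
    const uint8_t *term = memchr(payload, REGION_TERM, payload_len);
    if (term == NULL)
        return CRGN_NO_TERMINATOR;

    size_t n = (size_t)(term - payload);
    if (n > dst_cap)                         /* the destination bounds the copy too */
        return CRGN_TOO_LARGE;

    memcpy(dst, payload, n);
    *out_len = n;
    return CRGN_OK;
}
```

The copy length is fixed before any byte is written, so a missing terminator or an oversized region is rejected as a parse error instead of running past the heap allocation.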

