Zero Day Initiative Advisory 10-042 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of malformed MediaVideo data from a sample description atom (STSD). The application will read a length from the file, subtract 1 and then use it as a counter for a loop. Certain values may cause memory corruption and can result in code execution under the context of the current user.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/87999/ZDI-10-042.txt
Source: https://packetstormsecurity.com/files/87999/Zero-Day-Initiative-Advisory-10-042.html