"Luigi Auriemma, a 27-year-old Italian researcher who broke the news of the flaw on Thursday, said that the most recent version of QuickTime is prone to a buffer overflow that, if successfully exploited, gives the attacker free rein over a user’s computer. He posted information and proof-of-concept code on security site, milw0rm, his own website and multiple mailing lists.
The problem, said Auriemma, is when QuickTime tries to open a Real-Time Streaming Protocol (RTSP) connection and the server has closed TCP Port 544. The player then automatically tries to open an HTTP connection on Port 80. An attacker can exploit the weakness by duping a user into visiting a malicious site that includes an rtsp:// link; when QuickTime fails to connect, it would automatically seek out an HTTP server on the same system. The attacker, of course, would have made sure that there was an HTTP server there and would have populated it with the exploit." Techworld.com – First QuickTime bug of 2008
You may also like to read