QuickTime is a media player for Windows and Mac OS platforms.
Apple QuickTime before 7.7.4 is vulnerable to remote code execution due to a failure to perform appropriate validation of user supplied input. A remote attacker who persuades a vulnerable user to open a movie file with specially crafted
**dref** atoms could execute arbitrary code with the rights of the compromised user.
Upgrade to Apple QuickTime 7.7.4 or later.
This exploit was tested against Apple QuickTime 7.7.3 on Windows XP SP3 English (DEP OptIn).
The user must open the exploit in Internet Explorer 8.