Apple released QuickTime 7.6.6 Tuesday, an update for Windows 7 and Vista, as well as Mac OS X 10.5.x, Leopard. The patch addresses some 16 different issues affecting Windows and Leopard, including several that could allow the bad guys to take over your PC or Mac.

You can download the update through Software Update in Leopard, or through the Apple Software Updater application in Windows. Alternately, you can find the update at Apple’s QuickTime download site.

• QuickTime
  CVE-ID: CVE-2009-2837
  Available for: Windows 7, Vista, XP SP2
  Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution
  Description: A heap buffer overflow exists in the handling of PICT images. Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution. The issue is addressed through improved validation of PICT images. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.2, and for Mac OS X v10.5 systems it is addressed in Security Update 2009-006. Credit to Nicolas Joly of VUPEN Vulnerability Research Team for reporting this issue.
• QuickTime
  CVE-ID: CVE-2010-0059
  Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2
  Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution
  Description: A memory corruption issue exists in the handling of QDM2 encoded audio content. Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to an anonymous researcher working with TippingPoint’s Zero Day Initiative for reporting this issue.
• QuickTime
  CVE-ID: CVE-2010-0060
  Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2
  Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution
  Description: A memory corruption issue exists in the handling of QDMC encoded audio content. Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to an anonymous researcher working with TippingPoint’s Zero Day Initiative for reporting this issue.
• QuickTime
  CVE-ID: CVE-2010-0062
  Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2
  Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  Description: A heap buffer overflow exists in the handling of H.263 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of H.263 encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to Damian Put working with TippingPoint’s Zero Day Initiative for reporting this issue.
• QuickTime
  CVE-ID: CVE-2010-0514
  Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2
  Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  Description: A heap buffer overflow exists in the handling of H.261 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of H.261 encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to Will Dormann of the CERT/CC for reporting this issue.
• QuickTime
  CVE-ID: CVE-2010-0515
  Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2
  Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  Description: A memory corruption in the handling of H.264 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of H.264 encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3.
• QuickTime
  CVE-ID: CVE-2010-0516
  Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2
  Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  Description: A heap buffer overflow in the handling of RLE encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of RLE encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to an anonymous researcher working with TippingPoint’s Zero Day Initiative for reporting this issue.
• QuickTime
  CVE-ID: CVE-2010-0517
  Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2
  Description: A heap buffer overflow in the handling of M-JPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional
  validation of M-JPEG encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to Damian Put working with TippingPoint’s Zero Day Initiative for reporting this issue.
• QuickTime
  CVE-ID: CVE-2010-0518
  Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2
  Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  Description: A memory corruption issue exists in the handling of Sorenson encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of Sorenson encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to Will Dormann of the CERT/CC for reporting this issue.
• QuickTime
  CVE-ID: CVE-2010-0519
  Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2
  Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  Description: An integer overflow exists in the handling of FlashPix encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. For Mac OS X v10.6 systems, this issue is addressed in Mac OS Xv10.6.3. Credit to an anonymous researcher working with TippingPoint’s Zero Day Initiative for reporting this issue.
• QuickTime
  CVE-ID: CVE-2010-0520
  Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2
  Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  Description: A heap buffer overflow exists in the handling of FLC encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional
  validation of FLC encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to Moritz Jodeit of n.runs AG, and Nicolas Joly of VUPEN Security working with TippingPoint’s Zero Day Initiative for reporting this issue.
• QuickTime
  CVE-ID: CVE-2010-0526
  Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2
  Impact: Viewing a maliciously crafted MPEG file may lead to an unexpected application termination or arbitrary code execution
  Description: A heap buffer overflow exists in the handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of MPEG encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to an anonymous researcher working with TippingPoint’s Zero Day Initiative for reporting this issue.
• QuickTime
  CVE-ID: CVE-2010-0527
  Available for: Windows 7, Vista, XP SP2
  Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution
  Description: An integer overflow exists in the handling of PICT images. Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. This issue does not affect Mac OS X systems. Credit to Nicolas Joly of VUPEN Vulnerability Research Team for reporting this issue.
• QuickTime
  CVE-ID: CVE-2010-0528
  Available for: Windows 7, Vista, XP SP2
  Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  Description: A memory corruption exists in the handling of color tables in movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional
  validation of color tables. This issue does not affect Mac OS X systems. Credit to an anonymous researcher working with TippingPoint’s Zero Day Initiative for reporting this issue.
• QuickTime
  CVE-ID: CVE-2010-0529
  Available for: Windows 7, Vista, XP SP2
  Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution
  Description: A heap buffer overflow exists in the handling of PICT images. Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. This issue does not affect Mac OS X systems. Credit to Damian Put working with TippingPoint’s Zero Day Initiative for reporting this issue.
• QuickTime
  CVE-ID: CVE-2010-0536
  Available for: Windows 7, Vista, XP SP2
  Impact: Opening a maliciously crafted BMP image may lead to an unexpected application termination or arbitrary code execution
  Description: A memory corruption issue exists in the handling of BMP images. Opening a maliciously crafted BMP image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of BMP images. This issue does not affect Mac OS X systems. Credit to SkyLined of Google, Inc. for reporting this issue.