"Month of Apple Bugs" Starts With QuickTime

The Month of Apple Bugs Web site started the year with its first flaw in an Apple product: QuickTime. The posting suggests that a flaw in the QuickTime rtsp URL handler could be exploited through a stack-based buffer overflow, allowing code to be executed remotely on your computer.

The flaw is present in QuickTime 7.1.3 for both Mac and Windows, but currently there is no known exploit taking advantage of the flaw.

The Month of Apple Bugs Web site plans to release previously unpublished flaws in Apple software through the month of January. TMO published some thoughts on this project in a recent editorial, "A Month of Continuous Foolishness."