Apple has shipped QuickTime 7.6.7 to fix a critical vulnerability that exposes Windows users to malicious hacker attacks.
The update, available for Windows XP SP3 and later, Windows Vista and Windows 7, corrects a flaw that could be exploited to launch remote code execution attacks.
According to Apple’s advisory, the flaw could be exploited with a maliciously crafted movie file.
A stack buffer overflow exists in QuickTime’s error logging. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by disabling debug logging. This issue does not affect Mac OS X systems.
QuickTime 7.6.7 may be obtained from the Windows software update application, or from the QuickTime Downloads site.