Apple releases “Security Update 2007-001” to address QuickTime 7.1.3 vulnerability.
http://www.info.apple.com/kbnum/n61798
The update is available for QuickTime 7.1.3 on Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.8, Mac OS X Server v10.4.8, and Windows XP/2000.
Security Update 2007-001 (Mac OS X 10.4.8 Universal) – 4.9MB
Security Update 2007-001 (Mac OS X 10.3.9) – 2.4MB
From Apple Support:
Security Update 2007-001 is recommended for all users and improves QuickTime security.
Description: A buffer overflow exists in QuickTime’s handling of RTSP URLs. By enticing a user to access a maliciously-crafted RTSP URL, an attacker can trigger the buffer overflow, which may lead to arbitrary code execution. A QTL file that triggers this issue has been published on the Month of Apple Bugs web site (MOAB-01-01-2007). This update addresses the issue by performing additional validation of RTSP URLs.
The update can be obtained through Apple Software Updates (Mac OS X and Windows XP/2000) or the Apple Support Downloads page.
http://www.apple.com/support/downloads/
Apple also releases Xserve RAID Admin Tools 1.5.1 for Mac OS X 10.2.8 or later.
From Apple Support:
The Xserve RAID Admin Tools 1.5.1 Update addresses overall reliability of the RAID Admin software and Xserve RAID firmware.