Symantec rated the vulnerability as “high”. “Apple QuickTime is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized stack-based memory buffer. This issue occurs when handling specially crafted RTSP Response headers. Attackers can leverage this issue to execute arbitrary machine code in the context of the user running the affected application,” said Symantec in its alert.

According to the security company successful exploits of the vulnerability will compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

Symantec discovered that QuickTime 7.2 and 7.3 are vulnerable to this issue, but the security experts warned that other versions may also be affected.

U.S. Computer Emergency Readiness Team confirmed the flaw and they suggested a few workarounds: block the rtsp:// protocol, disable the QuickTime ActiveX controls in Internet Explorer and QuickTime plug-ins in Mozilla based browsers or disable file association for QuickTime files.

As QuickTimes is part Apple’s iTunes, the installations of this program are also affected by this vulnerability, noted US-CERT.

The last update of QuickTime, 7.3, was released by Apple at the beginning of this month.