A security flaw in QuickTime that can leave users at risk has been published
, next in line after a slew of vulnerabilities were already discovered and patched this year. In this instance, anyone using QuickTime 7.2 or 7.3 on Windows Vista or Windows XP are vulnerable. Some are rating the flaw as critical
, as it has the potential to result in system compromise.
The flaw has not gone undocumented, but in Apple's last rollup patch
for Quicktime, which was just earlier this month, it was not fixed. You can be affected irrespective of whether you use Internet Explorer or Firefox, though there are workarounds suggested such as disabling QuickTime ActiveX controls or QuickTime plugins.
As always, using a small dose of caution when opening random content you find on the Internet will help more than anything. No word from Apple on when a fix is planned.