On Monday, August 30, 2010, a Security Researcher published details of a Previously Un-Known and Un-Patched Vulnerability affecting the Apple QuickTime Plug-In. Successful exploitation of this issue will allow remote-code execution in the context of the affected User.

A Metasploit module is forthcoming which will use return oriented programming to execute code, by-passing A.S.L.R. and D.E.P.. Users may wish to Disable the QuickTime Plug-In until a Patch is available; this can be achieved by setting the Killbit for the affected Control (02BF25D5-8C17-4B23-BC80-D3488ABDDC6B) or Re-Naming the Plug-In (QTPlugin.OCX).