[Steve]

Security researchers have warned that attack code which targets an unpatched bug in Apple Inc.'s QuickTime is in the public domain; in-the-wild attacks against systems running Windows XP and Vista and possibly Mac OSX are probably being prepared by malicious hacker groups.

The critical bug in QuickTime 7.2 and 7.3 (and perhaps earlier editions as well) is in the player's handling of the Real Time Streaming Protocol (RTSP), an audio/video streaming standard. It is rated by Secunia as ' Extremely Critical'. The vulnerability is confirmed in version 7.3 of QuickTIme. Other versions may also be affected.

According to alerts posted by Symantec Corp. and the U.S. Computer Emergency Readiness Team (US-CERT), attackers can exploit the flaw by duping users into visiting malicious or compromised Web sites hosting specially-crafted streaming content, or by convincing them to open a rigged QTL file attached to an e-mail message.

A successful exploit would let the attacker install additional Malware -- spyware or a spambot, say -- or cull the system for information like passwords. An attack that failed would likely only crash QuickTime on Windows and Mac OSX systems.

It appears from reports that Firefox is especially susceptible to this exploit, Internet Explorer and Safari browsers less so.

Be cautious and only accept streaming video from known safe websites.