Update: QuickTime 7.0.4
By carefully crafting a corrupt QTIF image, an attacker can trigger a heap buffer overflow that may result in arbitrary code execution. This update addresses the issue by performing additional validation of GIF images. Credit to Varun Uppal of Kanbay for reporting this issue.
Operating Systems affected: Mac OS X v10.3.9 and later, Windows 2000/XP
See this Apple page (http://docs.info.apple.com/article.html?artnum=303101) for details.
QuickTime 7.0.4 may be obtained from the Software Update pane in
System Preferences, or from the Download tab in the QuickTime site
http://www.apple.com/quicktime/
For Mac OS X v10.3.9 or later
The download file is named: "QuickTimeInstallerX.dmg"
Its SHA-1 digest is: a605fc27d85b4c6b59ebbbc84ef553b37aa8fbca
For Windows 2000/XP
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 1f7d1942fec2c3c205079916dc47b254e508de4e