David Remahl has reported a weakness in Apple QuickTime, which can be exploited by malicious people to disclose some system information.
The problem is that Quartz Composer compositions embedded in ".mov" files can access certain system information, which can be disclosed to web sites via JavaScript. This can e.g. be exploited to disclose the local username and directory information by tricking a user into visiting a malicious web site.
SOFTWARE:
Apple QuickTime 7.x
SOLUTION:
Disable the QuickTime browser plugin and do not open ".mov" and
Quartz Composer files from untrusted sources.
PROVIDED AND/OR DISCOVERED BY:
David Remahl
ORIGINAL ADVISORY:
http://remahl.se/david/vuln/018/
VERIFY ADVISORY:
http://secunia.com/advisories/15307/
Secunia Security Advisories
http://community.securityteam.us/article.php/20050516101311946