A vulnerability in the way Quicktime displays error messages allows remote attackers to cause it to crash and execute arbitrary code. The vulnerability is triggered by a malformed HTTP response whenever the Quicktime is asked to connect to an RTSP server whose TCP port 554 and 7070 are closed but non-filtered.

http://www.securiteam.com/windowsntfocus/5DP0B1FN5M.html