A stack-based buffer overflow occurs when QuickTime processes a malformed RTSP server response. If an attacker sets up a malicious RTSP server that delivers a very long ‘Content-Type’ field, a QuickTime client that connects to this server over RTSP can be exploited. The process can be further "automated" by launching the attack from within an HTML file, which makes it easier to trick vulnerable users into connecting to a malicious RTSP server.
QuickTime 7.3 and earlier
BeyondTrust Prevention and Detection:
BeyondTrust's Blink® Personal Edition protects from this vulnerability.
BeyondTrust's Blink® Professional Edition protects from this vulnerability.
BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
APPLE-SA-2007-12-13 QuickTime 7.3.1
There is no known mitigation that completely blocks exploitation of this vulnerability; however, certain mitigation tactics may disrupt individual attack vectors. These tactics are spelled out in the referenced US-CERT advisory.
Links:
Original PoC (Crash)
Second PoC (Crash)
Third PoC (Crash)
Fourth PoC - Fully Functional Reverse Shell