“Highly Critical” vulnerability exists in the Apple QuickTime handling of rtsp:// URLs.
The exploit causes a stack-based buffer overflow that can lead to remote arbitrary code execution.
The vulnerability affects both the Windows and Apple OS X versions.
http://blogs.zdnet.com/ip-telephony/?p=1385&tag=nl.e550

This hopefully along with Vista support will be fixed in the next update. Ill post if I find out anything more (or if they update it)

EDIT: on and this is part of the NIST month of apple bugs where they are rigorously testing all apple software to find bugs/flaws/vulnerabilities etc. So expect them to find more