A Spanish security researcher has discovered a new vulnerability in Apple s QuickTime software that can be used to bypass both ASLR and DEP on current versions of Windows and give an attacker control of a remote PC. The flaw apparently results from a parameter from an older version of QuickTime that was left in the code by mistake. The vulnerability can be exploited remotely via a malicious Web site. On a machine running Internet Explorer on Windows 7, Vista or QuickTime 7.x or 6.x installed, the problem can be. exploited by using a heap-spraying technique.
Source: https://threatpost.com/new-remote-flaw-apple-quicktime-bypasses-aslr-and-dep-083010/74396/