Apple QuickTime does not properly handle "file: URLs" which may allow an attacker to execute arbitrary code. The risk is MEDIUM. By convincing a user to play a maliciously crafted QuickTime file, an attacker may be able to execute arbitrary code on a vulnerable system.