Heap-based buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file.

More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4116)