According to Apple, the problem revolved around the QuickTime Media Links (QTLs):
“A command injection issue exists in QuickTime’s handling of URLs in the qtnext field in QTL files. By enticing a user to open a specially crafted QTL file, an attacker may cause an application to be launched with controlled command line arguments, which may lead to arbitrary code execution. This update addresses the issue through improved handling of URLs. This issue does not affect Mac OS X.”
The security update for QuickTime 7.2 can be downloaded from here.