According to Apple, all the user has to do in order to become a victim is to view a specially crafted video or image file.
The seventh fix addresses a flaw found in QuickTime for Java . By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker may cause the disclosure of sensitive information and arbitrary code execution with elevated privileges. The update makes QuickTime for Java no longer accessible to untrusted Java applets.
The new update is available for Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5, Windows Vista and Windows XP SP2.
QuickTime 7.3 is available here for download.