とりあえずQuickTimeの未知の脆弱性でMacOSXでスタックバッファオーバーフローを起こすそうです。/bin/shのアドレスに飛んでける？

# Notes:
# Our command string is loaded on memory at a static address normally,
# but this depends on execution method and the string length. The address set in this exploit will
# be likely successful if we open the resulting QTL file directly, without having an
# instance of Quicktime running. Although, when using another method and string, you'll need
# to find the address.
# For 100% reliable exploitation you can always use the /bin/sh address,
# but that's not as a cool as having your box welcoming the new year.
# Do whatever you prefer. That said, enjoy.
#
# see http://projects.info-pull.com/moab/MOAB-01-01-2007.html