The recent number of unpatched QuickTime flaws is: two

[Juha-Matti Laurio <juha-matti.laurio () netti fi>]

The QuickTime RTSP vulnerability reported on 23th Nov is not the only unpatched remote vulnerability in QuickTime 
player.

It appears that WabiSabiLabi team has reported that there is another (they call it zero-day vuln) flaw too, affecting 
to XP systems.

The CVE name for this second issue reported by unknown person is CVE-2007-6238. The CVSS score is 10.0, in turn.

I have written a summary with reference links here:
http://blogs.securiteam.com/?p=1046

- Juha-Matti