Apple QuickLook OfficeImporter JavaScript Injection

A command injection vulnerability exists in Apple QuickLook. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system.

You can read the full article here.