Apple Plugs First MoAB Hole
Apple has shipped a high-priority update for its QuickTime media player to correct a flaw exposed during the controversial MoAB (Month of Apple Bugs) project.
The Cupertino, Calif., company's QuickTime patch comes 23 days after the first MoAB advisory was released with proof-of-concept exploits for the issue, which could allow code execution attacks.
Apple described the vulnerability as a buffer overflow in the way QuickTime handles RTSP URLs.
"By enticing a user to access a maliciously crafted RTSP URL, an attacker can trigger the buffer overflow, which may lead to arbitrary code execution," the company said.
Apple did not credit the MoAB flaw finders in its advisory but mentioned that a QTL file that triggers the flaw was published on the MoAB Web site.
Since the launch of the MoAB project on Jan. 1, there have been daily releases of bugs affecting Mac OS X users. The project is slated to end on Jan. 31.


Comments (1)
If you have QuickTime installed, there is an option 'Help-Update
Existing Software'. This does NOT update QuickTime 7.1.3 for the
security issue. Instead, it says 'Your QuickTime software is up to
date.' But it's not.
If when you installed QuickTime (or iTunes), you selected the option to
install the Apple Software Update tool, then a separate application is
installed on your system. It is available via Start-All Programs-Apple
Software Update.
I manually ran the Apple Software Update tool - it showed that I needed
an update to the Apple Software Update tool. I did that, then ran it
again and it showed I needed an update for QuickTime 7.1.3.
Within the Apple Software Update tool, there is an option to download
the patch only and not install it. The patch itself is called
SecurityUpdate2007-001.msi and no, it is *not* available for download
from the Apple website directly.
The SecurityUpdate2007-001.msi patch is 6.5 meg and updates three files
on your system (file, location, new version):
QuickTimePlayer.exe       %ProgramFiles%\QuickTime            7.1.3.191
QuickTime.qts             %ProgramFiles%\QuickTime\QTSystem   7.1.3.191
QuickTimeStreaming.qtx    %ProgramFiles%\QuickTime\QTSystem   7.1.3.191
Apple doesn't publish any information in their bulletin about what files
are updated, or how to check your system to see if it's been patched.
Therefore, you need to check it manually using the above details.
Keep in mind that the Help-Update Existing Software function within
QuickTime is oblivious to this patch, and that the patch itself can't be
downloaded from Apple's download page, no matter what the security
bulletin says (at least at this point in time).
Corporate folks may wish to install the QuickTime with Apple Software
Update tool on a VM machine, then run the Update tool to download the
actual MSI - then use your standard enterprise software deployment
mechanism to publish this MSI to anyone running 7.1.3 QuickTime.
Posted by Eric Schultze | January 27, 2007 4:31 PM
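The manual version check the comment above describes, scripted as an added example (it is not code from the article, from Apple, or from the commenter). It assumes QuickTime is installed under the default %ProgramFiles% path and uses the three file names and the 7.1.3.191 version the commenter lists; the function name Test-QuickTimePatched is made up for this example. It reads the PE version resource of each file rather than trusting QuickTime's own update check, which the comment says reports the old version as up to date.

```powershell
# Added example: verify the QuickTime 7.1.3 security update by file version.
# File list, paths and the 7.1.3.191 version come from the comment above
# (assumed default install location); they are not from Apple's bulletin.
$PatchedVersion = [version]"7.1.3.191"

$Files = @(
    (Join-Path $env:ProgramFiles "QuickTime\QuickTimePlayer.exe"),
    (Join-Path $env:ProgramFiles "QuickTime\QTSystem\QuickTime.qts"),
    (Join-Path $env:ProgramFiles "QuickTime\QTSystem\QuickTimeStreaming.qtx")
)

function Test-QuickTimePatched {
    # Returns $true only if every listed file exists and is at or above $Required.
    param(
        [string[]]$Paths,
        [version]$Required
    )

    $allPatched = $true
    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) {
            # Missing file: either QuickTime is not installed at the default
            # path or the install is incomplete; treat as not verified.
            Write-Host ("MISSING    {0}" -f $path)
            $allPatched = $false
            continue
        }

        $info = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($path)
        # Build the version from the numeric parts; the FileVersion string can
        # carry trailing text, so the separate *Part fields are safer to parse.
        $actual = [version]("{0}.{1}.{2}.{3}" -f $info.FileMajorPart,
                                                 $info.FileMinorPart,
                                                 $info.FileBuildPart,
                                                 $info.FilePrivatePart)

        if ($actual -ge $Required) {
            Write-Host ("PATCHED    {0}  ({1})" -f $path, $actual)
        } else {
            Write-Host ("VULNERABLE {0}  ({1} < {2})" -f $path, $actual, $Required)
            $allPatched = $false
        }
    }
    return $allPatched
}

if (Test-QuickTimePatched -Paths $Files -Required $PatchedVersion) {
    Write-Host "All three QuickTime files are at $PatchedVersion or newer."
    exit 0
} else {
    Write-Host "One or more QuickTime files are missing or older than $PatchedVersion."
    exit 1
}
```

The non-zero exit code lets the script double as a compliance check when run through an enterprise deployment or inventory tool, which is the scenario the commenter raises for corporate roll-out of the MSI.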