I can take your word for that. I've heard of PC users who've had problems running QuickTime.
Although QuickTime does not contain spyware, looking at the technical details of this latest vulnerability, it's feasible that QuickTime could be an attack vector for loading spyware or performing some other malicious act. But the attack would have to lure the user into taking some action, like clicking on a link, so it's not an efficient way to propagate malware. The risk to the average QuickTime user is negligible. Another complication is that QuickTime is available for three platforms (Windows, PowerPC Macs and Intel Macs), and it would be difficult to create an exploit that works on all three.
Apple needs to fix some things, like checking for buffer overflows and checking for code following a colon character in URLs. These fixes should be simple to apply. I'm sure Apple is a little embarrassed that these bugs exist, but they should not cause any widespread problems.
The reason it won't cause widespread harm is because there aren't enough Macs to make a dent on the news cycle, so hackers won't waste their time.
The Windows version is already fixed, but that requires someone to install the patch. Does QuickTime autocheck for security patches?
But to lure someone to a link is pretty easy nowadays... a simple email with a funny video will do the trick. Users will click all your links if you give them one or two funny videos to watch.