Sean de Regge has reported a vulnerability in iTunes, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by a boundary error in the handling of .m3u and .pls playlists. This can be exploited to cause a buffer overflow via a specially crafted playlist.
Successful exploitation may allow execution of arbitrary code.
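The advisory does not show the affected code, so the following is an added illustration and not Apple's code: a C routine that copies one .m3u or .pls entry into a fixed buffer with an explicit length check, rejecting oversized entries instead of writing past the buffer. The function name, the ENTRY_MAX limit and the sample lines are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define ENTRY_MAX 1024  /* assumed limit for this example, not an iTunes value */

/* Extract the media path/URL from one playlist line into out[outsz].
 * Returns 1 if an entry was copied, 0 if the line carries no entry,
 * -1 if the entry does not fit (rejected, never truncated or overflowed). */
int playlist_entry(const char *line, int is_pls, char *out, size_t outsz)
{
    const char *val = line;
    size_t len;

    if (is_pls) {
        /* .pls: only "FileN=<entry>" lines name media */
        if (strncmp(line, "File", 4) != 0)
            return 0;
        val = strchr(line, '=');
        if (val == NULL)
            return 0;
        val++;
    } else if (line[0] == '#') {
        return 0;               /* .m3u comment or #EXT directive */
    }

    len = strcspn(val, "\r\n"); /* entry ends at the line terminator */
    if (len == 0)
        return 0;
    if (len >= outsz)           /* the boundary check: leave room for NUL */
        return -1;
    memcpy(out, val, len);
    out[len] = '\0';
    return 1;
}

int main(void)
{
    char entry[ENTRY_MAX], big[4096];   /* constructed sample input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("%d\n", playlist_entry("File1=http://example.invalid/a.mp3\r\n", 1, entry, sizeof entry));
    printf("%d\n", playlist_entry(big, 0, entry, sizeof entry));
    return 0;
}
```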
SOFTWARE:
iTunes 4.x
SOLUTION:
Update to version 4.7.1.
http://www.apple.com/support/downloads/itunes471.html
PROVIDED AND/OR DISCOVERED BY:
Sean de Regge
VERIFY ADVISORY:
http://secunia.com/advisories/13804/
Secunia Security Advisories
http://community.securityteam.us/article.php/20050118102410600