This Metasploit module exploits a stack overflow in Apple ITunes 4.7 build 4.7.0.42. By creating a URL link to a malicious PLS file, a remote attacker could overflow a buffer and execute arbitrary code. When using this module, be sure to set the URIPATH with an extension of '.pls'.
60c5b0f8c0b2bae758156348e4c8ec79ad1ee0f66b1e62f0f5b340492a94c0c6
iTunes 4.7.1 fixes a buffer overflow in the parsing of m3u and pls playlist files that could allow earlier versions of iTunes to crash and execute arbitrary code.
1deb95f4b7c07396547d3dd6c730b8cd3a6db6e7340d812a379a4e5c91346804