Proof of concept exploit for iTunes 4.3.7 on OS X 10.3.7. Shellcode binds a shell to port 4444.
b05f72bd3493e1d0b8d1ee90794c20b56668c3916fe59f0c1ec9dedcf40e49fe
iDEFENSE Security Advisory 01.13.05 - Remote exploitation of a buffer overflow vulnerability in Apple Computer Inc.'s iTunes music player allows attackers to execute arbitrary code. The problem specifically exists when parsing playlist files that contain long URL file entries.
0ef04a63f0b7de016bd8ee4cfdbff3d9b5f2a0e90b7425e26b41e85a925b45d8