This paper discusses how an unprivileged local attacker can elevate their privileges during an initial installation or update of iTunes for Windows. This vulnerability was responsibly disclosed to Apple Inc. and this advisory was not released until a fixed build of iTunes was released.
08157a8dd7cfd5cb407ffa0138623559421da7fed35cdf32b494e3edc81120bf