Metasploit’s HD Moore was in the midst of researching the recently patched LNK (Windows shortcut) vulnerability when he stumbled upon a serious problem that exposes more than 40 different Windows software programs to remote code execution attacks.
Moore issued a brief warning about the issue via Twitter and linked to a critical bulletin from Acros, a Slovenian security research outfit, that references a remote code execution bug patched in Apple’s latest iTunes update.
According to the advisory, all a remote attacker has to do is plant a malicious DLL with a specific name on a network share and get the user to open a media file from this network location in iTunes, a step that should require minimal social engineering.
Source: HD Moore: Critical bug in 40 different Windows apps | ZDNET