Security firm eEye Digital Security has identified what it says are flaws in Apple’s Windows version of iTunes and QuickTime.
“A remotely exploitable flaw exists that allows arbitrary code to be executed in the context of the logged in user,” according to the upcoming advisories, both published on eEye’s Web site, as EEYEB-20051117a and EEYEB-20051117b, respectively.
The vendor rates both flaws as having a high degree of severity, as they can permit remote code execution. eEye says various versions of QuickTime and iTunes are affected, specifically on Windows operating systems. No mention in the advisory is made of the Mac.
Representatives from eEye did not respond to Playlist’s request for comment before this article was posted.