CVE-2007-3752
Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file.
Date published : 2007-09-06
http://lists.apple.com/archives/security-announce/2007/Sep/msg00000.html