bjoernvold.com

A “binary planting” vulnerability in Apple iTunes for Windows allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.

Critical bug in 40 apps

Since Windows systems by default have the Web Client service running - which makes remote network shares accessible via WebDAV -, the malicious DLL can also be deployed from an Internet-based network share as long as the intermediate firewalls allow outbound HTTP traffic to the Internet.

A systematic attack could deploy malicious code to a large number of Windows workstations in a short period of time, possibly as an Internet worm.

Now you know

Man alive, will this kind of thing never stop with them? Every time one turns 'round there's another one in Windows.

Ive stated in other forums that windows code is too buggy!
with so many programmers developing a program or app
they each create their own back doors and alternate entrance points in the code
(example on average they may have 30 or 40 people working on one app alone that's a lot of holes in the program)
they are supposed to remove them all but if a product is rushed through it rarely gets done.
some are even left intentionally.
an intensive debugging program can find the holes and these points are what gets exploited and targeted for attacks
and it doesn't help that they use a single large partitioning scheme!