APPLE-SA-2011-04-18-1 iTunes 10.2.2 for Windows

http://support.apple.com/kb/HT4609

"iTunes 10.2.2

WebKit

Available for: Windows 7, Vista, XP SP2 or later

Impact: A man-in-the-middle attack may lead to an unexpected
application termination or arbitrary code execution

Description: Multiple memory corruption issues exist in WebKit. A
man-in-the-middle attack while browsing the iTunes Store via iTunes may
lead to an unexpected application termination or arbitrary code execution.

CVE-ID

CVE-2011-1290 : Vincenzo Iozzo, Willem Pinckaers, Ralf-Philipp
Weinmann, and an anonymous researcher working with TippingPoint's Zero
Day Initiative

CVE-2011-1344 : Vupen Security working with TippingPoint's Zero Day
Initiative, and Martin Barbella"

It is recommended that iTunes users update to the latest version of the
software.

Thanks,
ep