Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file.
http://www.vupen.com/english/advisories/2005/2443
http://www.idefense.com/application/poi/display?id=340&type=vulnerabilities