I'll name that exploit in one - VirtualDJ hole
The development team behind DJ software VirtualDJ have released version 7.4 of their software, which fixes a bug triggered when analysing ID3 tags. That bug has subsequently turned out to be a critical security vulnerability. Contrary to statements in the change log that the effects of malformed ID3 tags are limited to crashes, it turns out that the bug can be exploited to inject malicious code.
An exploit utilising the buffer overflow, which is triggered by processing ID3 tags in the Windows version of the software, is already in circulation. The overflow is triggered specifically when analysing the song title (the "title" field). Playing a maliciously crafted MP3 file with VirtualDJ can therefore result in infection. VirtualDJ users, especially those who listen to MP3s from untrusted sources, should migrate to the new version without delay. The update also fixes numerous other bugs in the software.