Thanks GameGuy21 and matthelmi for this. According to the article on eWeek, a new critical vulnerability, where an attacker could execute arbitary code, has been discovered on the latest version of Winamp. One can only wonder when (if) the patch is going to be released after the original development team has abandonned the player.
Users of America Online Inc."s Winamp media player are at risk of remote code execution attacks because of a flaw in the software, according to a warning from a security research firm.
The flaw, which Secunia rates as "highly critical," has been reported in Winamp versions 5.05 and 5.06. Prior versions also may be affected.
Security-Assessment.com, which is credited with finding the vulnerability, said a malicious hacker could cause a buffer overflow in various ways, the most dangerous being through a malformed .m3u playlist file.
"When hosted on a Web site, these files will be automatically downloaded and opened in Winamp without any user interaction. This is enough to cause the overflow that would allow a malicious playlist to overwrite EIP and execute arbitrary code," the company said.
The vulnerability exists due to a boundary error in the "IN_CDDA.dll" file," the company said.
News source: eWeek