We are all used to IE getting a monthly new security bug found, but Winamp? In fact, this is not the first
security flaw found in the application. Apparently, users of the media playing application are at risk of remote code execution attacks
because of a flaw in the software, which makes it possible for an attacker to cause a buffer overflow in various ways, the most dangerous being through a malformed .m3u playlist file.
"When hosted on a Web site, these files will be automatically downloaded and opened in Winamp without any user interaction. This is enough to cause the overflow that would allow a malicious playlist to overwrite EIP and execute arbitrary code."
This comes at a time when the future of Winamp is uncertain
, and only a skeleton team remain, performing maintenance tasks on the application, and little else.