Secunia has issued warnings of an extremely critical vulnerability in Winamp. Seemingly, the vulnerability definitely affects version 5.12. Other versions may also be affected, but this has yet to be proved.
The vulnerability is caused due to a boundary error during the handling of filenames that include computer names. This can be exploited to cause a buffer overflow when a specially crafted playlist containing a filename starting with an overly long computer name of around 1,040 bytes is encountered.
An attacker can use this vulnerability to take full control of the machine and allow the execution of arbitrary code.
Nullsoft, the Winamp developers have now issued a new version of the software - 5.13 which closes the hole.