Some vulnerabilities have been reported in Winamp, which can be exploited by malicious people to compromise a user's system.

1) A boundary error during the handling of filenames including a UNC path with a long computer name can be exploited to cause a buffer overflow via a specially crafted playlist containing a filename with an overly long computer name (about 1040 bytes).

NOTE: An exploit is publicly available.

The vulnerability has been confirmed in version 5.12. Other versions may also be affected.

2) A boundary error within the parsing of playlists (.m3u or .pls) can be exploited to cause a stack-based buffer overflow via a playlist containing an overly long, specially crafted filename.

The vulnerability has been reported in version 5.11 and does reportedly not affect prior versions.

The vulnerability is related to vulnerability #1.

3) A boundary error within the parsing of playlists containing a filename with a .wma extension can be exploited to cause a buffer overflow via a specially crafted playlist.

The vulnerability has been reported in version 5.094. Other versions may also be affected.

Successful exploitation of any of the vulnerabilities allows execution of arbitrary code on a user's system when e.g. a malicious website is visited.

Solution
Update to version 5.13.
Further details available to Secunia VIM customers

Provided and/or discovered by
1) ATmaCA
2) Alan Mccaig (b0f) and Ruben Santamarta.
3) b0f

Changelog
Further details available to Secunia VIM customers

Original Advisory
1) http://milw0rm.com/id.php?id=1458
2) http://www.idefense.com/intelligence/vulnerabilities/display.php?id=377
3) http://www.idefense.com/intelligence/vulnerabilities/display.php?id=378

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers