WARNING: Extremely Critical Winamp vulnerability discovered



HavoX
25th November 2004, 07:22 PM
props to The Register (http://www.theregister.com/) for this report:

Security researchers are warning of a serious - and unfixed - security hole with the popular Winamp media player.

A remotely exploitable stack-based buffer overflow creates a means for hackers to take over machines running Winamp - providing they can trick users into running maliciously constructed files. For example, a malformed .m3u playlist file, hosted on a web site, would be automatically downloaded and opened in Winamp without any user interaction. The vulnerability, discovered by pen testers at Security-Assessment.com, arises from a buffer overflow in a library file (called IN_CDDA.dll) used by Winamp.

The vulnerability has been reported in version 5.05 and confirmed in version 5.06. Prior versions might also be affected, security firm Secunia warns. A proof of concept exploit was released yesterday by security outfit K-OTik. K-OTik advises users to uninstall Winamp or at the very least disassociate .cda and .m3u extensions from Winamp until the bug is fixed.

Ice Rabbit
25th November 2004, 07:41 PM
Ouch. I never used Winamp, I really don't use media players much. If this proves too much, I'll wait until a safer version is released for free.

RedStarWarrior
25th November 2004, 08:46 PM
Heh, I will continue to use Winamp. I don't have any files run on my system without my express permission. This security vulnerability doesn't really seem that harmful to me.

Moonlight Espeon
26th November 2004, 03:54 PM
I don't use Winamp anyway, and here's another reason not to do so again. I always use Windows Media Player now. I think Winamp sucks anyway, WMP is like the only program that Microsoft can make correctly.

HavoX
26th November 2004, 06:33 PM
Moonlight Espeon said:
WMP is like the only program that Microsoft can make correctly.

don't forget that they're the masterminds behind the award-winning Halo series (I have not and do not plan on playing Halo)

kainashi
28th November 2004, 12:19 AM
oh dear. hope it's fixed soon.

kainashi
2nd December 2004, 02:29 PM
winamp 5.07 released (http://forums.winamp.com/showthread.php?threadid=200927)

awesome. :monocle: should be on the front page of winamp.com soon.