Hello,
I just saw the following advisory on SANS
Secunia has it as an Extremely Critical vulnerability.Quote:
While we're on the topic of audio software, there's a 0-day exploit out today for Winamp 5.12 that allows remote code execution via a crafted playlist (.pls) file. The proof-of-concept exploit suggests using an iframe to trigger a 'drive-by' attack on anyone unlucky enough to visit a website containing a malicious iframe; say, third-party advertisers and forum websites--the usual vectors for this sort of thing.
Secunia's got a nice writeup of it here.
Just a heads up! Watch yourselves!
-Deeboe