Old 30-01-2006, 15:53   #1
Gareth
Karateka
 
 
Join Date: Dec 2003
Age: 33
Posts: 7,098
Critical Winamp Buffer Overflow Vulnerability

source: http://www.frsirt.com/english/advisories/2006/0361

Quote:
Advisory ID : FrSIRT/ADV-2006-0361
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-01-29

Technical Description

A vulnerability has been identified in Winamp, which could be exploited by remote attackers to execute arbitrary commands. This flaw is due to a buffer overflow error when processing a specially crafted playlist (".pls" file) containing a malformed "File1" tag, which could be exploited by remote attackers to execute arbitrary commands and take complete control of an affected system without any user-interaction via a specially crafted web page.

Exploits

http://www.frsirt.com/exploits/20060...namp0day.c.php

Affected Products

Nullsoft Winamp version 5.12 and prior

Solution

The FrSIRT is not aware of any official supplied patch for this issue.

Workarounds

To prevent opening malicious files automatically, FrSIRT recommends :

Disabling the "audio/scpls" and "audio/mpegurl" MIME Types in Internet Explorer by deleting or renaming the following registry keys :
"HKEY_CLASSES_ROOT\.pls" and "HKEY_CLASSES_ROOT\.m3u".

And disassociating the "pls" and "m3u" file extensions in Windows :

- Launch Windows Explorer
- On the Tools Menu select "Folder Options"
- Select the "File Types" tab
- Scroll to find the PLS and M3U file extensions and then press the "Delete" button

References

http://www.frsirt.com/english/advisories/2006/0361
http://www.frsirt.com/exploits/20060...namp0day.c.php

I'm guessing that quite a few of us use Winamp. Not sure what AOL's policy is regarding patching, especially as I thought that they had discontinued development/support for Winamp.
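
A defensive triage check for the playlist format the advisory describes, added here as an example and not part of the original post or the FrSIRT advisory: it parses `.pls` data and flags any `FileN` entry (not only `File1`) that is oversized or contains control bytes. The 260-byte limit (Windows MAX_PATH), the function name `scan_pls` and the sample playlists are assumptions; the advisory does not state the length that triggers the overflow.

```python
import re
import sys

# Assumed limit (Windows MAX_PATH); the advisory gives no trigger length.
# Long stream URLs may need a higher value to avoid false positives.
MAX_ENTRY_LEN = 260
ENTRY_RE = re.compile(rb"^\s*(File\d+)\s*=(.*)$", re.IGNORECASE)

# Constructed sample playlists, not taken from the advisory or any exploit.
BENIGN = (b"[playlist]\r\nNumberOfEntries=1\r\n"
          b"File1=http://radio.example/stream.mp3\r\n"
          b"Title1=Example\r\nLength1=-1\r\nVersion=2\r\n")
OVERSIZED = (b"[playlist]\r\nNumberOfEntries=1\r\nFile1=C:\\music\\"
             + b"x" * 2000 + b".mp3\r\nVersion=2\r\n")


def scan_pls(data, max_len=MAX_ENTRY_LEN):
    """Return (line_no, key, reason) for each suspicious FileN entry."""
    findings = []
    for line_no, raw in enumerate(data.splitlines(), start=1):
        match = ENTRY_RE.match(raw)
        if not match:
            continue  # section header, TitleN, LengthN, etc.
        key = match.group(1).decode("ascii")
        value = match.group(2).strip()
        if len(value) > max_len:
            findings.append((line_no, key, f"{len(value)} bytes exceeds {max_len}"))
        # Control bytes never belong in a path or URL; bytes >= 0x80 are
        # left alone because legitimate non-ASCII file names use them.
        if any(b < 0x20 or b == 0x7F for b in value):
            findings.append((line_no, key, "contains control bytes"))
    return findings


if __name__ == "__main__":
    # Usage: python scan_pls.py playlist1.pls playlist2.pls ...
    status = 0
    for path in sys.argv[1:]:
        with open(path, "rb") as handle:
            for line_no, key, reason in scan_pls(handle.read()):
                print(f"{path}:{line_no}: {key}: {reason}")
                status = 1
    sys.exit(status)
```

A non-zero exit status means at least one playlist needs a closer look before it is opened in a player.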