This Metasploit module exploits a vulnerability in the Winamp media player. This flaw is triggered when a audio file path is specified, inside a playlist, that consists of a UNC path with a long computer name. This Metasploit module delivers the playlist via the browser. This Metasploit module has only been successfully tested on Winamp 5.11 and 5.12.
2889b99fb672981aaf32d6d03175e887ca97949831928a04b0e3fda08d3056d2
Technical Cyber Security Alert TA06-032A - America Online has released Winamp 5.13 to correct a buffer overflow vulnerability. By convincing a user to open a specially crafted playlist file, a remote unauthenticated attacker may be able to execute arbitrary code with the privileges of the user. Winamp may open a playlist file without any user interaction as the result of viewing a web page or other HTML document.
1e0277b3054f29f9a489f8d9b090518ad23def64220f8bd3b659b9f34d101653
iDefense Security Advisory 02.01.06 - It has been found that a specially crafted m3u or pls file can overwrite a stack based buffer allowing for remote code execution. This vulnerability is specific to the 5.11 version of Winamp and does not affect previous versions.
55cfc9433a739a9d58acb02156040187fb0c6d1dfe185aad02576b64a0fdf607