Buffer Overflow Affects Winamp 3 Skins

A buffer overflow in Winamp 3's XML parser could let an attacker execute arbitrary code on a victim's PC, according to an advisory http://161.53.51.222/advisory/sunnis-01.txt from Illegal Instruction Labs. The vulnerability exists in Winamp's Wsabi engine, which is the core of the application's skinning system, and could be exploited if a victim opened a maliciously crafted .WAL skin file. When Winamp 3 is installed, Microsoft Internet Explorer is set to automatically open these files once they are downloaded, without prompting the user. Proof-of-concept shellcode for Win ME has been provided, and could be changed to work on other versions of Windows.

The advisory doesn't mention whether the vendor has been notified; as a temporary workaround, we recommend removing the skin file association from Internet Explorer. Go to the Tools->Folder Options menu in Windows Explorer, click the "File Types" tab, and remove .WAL from the list of
registered extensions.