Nullsoft recently released version 5.623 of its Winamp media player, fixing three vulnerabilities that could be leveraged to execute arbitrary code on a victim's computer.
"The security flaws were discovered by Dmitriy Pletnev from vulnerability management firm Secunia and an independent researcher named Hossein Lotfi, who reported his finding through the company's vulnerability coordination reward program (SVCRP)," writes PCWorld's Lucian Constantin.
"An attacker could exploit these vulnerabilities by tricking victims into opening specially crafted AVI or Impulse Tracker (IT) files," Constantin writes. "The remote attack vectors include malicious files stored on network shares and WebDAV resources, but also rogue playlists hosted on the Web."
Go to "Winamp Update Addresses Three Remote Code Execution Vulnerabilities" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.