Nullsoft Winamp is a skinnable media player for Microsoft Windows supporting MP3 and other file types. Winamp 3 skin files use a .wal extension by default.
The system that handles Winamp skin files contains an unchecked buffer that could allow code execution. By supplying an exceptionally long string for the <include file=""/> tag within the XML configuration files, it is possible to overflow the buffer and execute code in the security context of the user running Winamp.
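A defensive check for the condition described above, as an added example (not code from this advisory or from Nullsoft): it scans the XML files inside a skin archive for <include file=""/> values longer than a threshold. It assumes .wal files are ZIP archives and uses 260 characters (Windows MAX_PATH) as an assumed cutoff; the function names and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# Assumption: 260 (Windows MAX_PATH) as the cutoff; tune for your environment.
MAX_INCLUDE_LEN = 260

# Regex rather than an XML parser: a hostile skin need not be well-formed.
# The value is read up to the next quote or '>', so an unterminated
# attribute is still measured.
INCLUDE_RE = re.compile(
    rb"<include\b[^>]*?\bfile\s*=\s*[\"']([^\"'>]*)", re.IGNORECASE
)


def scan_skin(data, max_len=MAX_INCLUDE_LEN):
    """Return [(member_name, value_length)] for oversized include paths.

    `data` is the raw bytes of a .wal file (assumption: a ZIP archive).
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if not info.filename.lower().endswith(".xml"):
                continue
            for match in INCLUDE_RE.finditer(archive.read(info)):
                if len(match.group(1)) > max_len:
                    findings.append((info.filename, len(match.group(1))))
    return findings


def build_sample(include_path):
    """Build a constructed in-memory skin archive (sample data, not a real skin)."""
    xml = (
        "<WinampAbstractionLayer>\n"
        '  <include file="%s"/>\n'
        "</WinampAbstractionLayer>\n" % include_path
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("skin.xml", xml)
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_skin(build_sample("xml/player.xml")))  # short path
    print(scan_skin(build_sample("A" * 5000)))        # oversized value
```

A non-empty result means the skin should be quarantined rather than opened in Winamp.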
The following proof-of-concept exploit was made available by <email@example.com> for Winamp 3 on Windows Me (note that by clicking the link with Winamp installed, this file will open and execute automatically):
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org.