https://www.exploit-db.com/exploits/20094
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200007-055

Winamp2.64及其之前版本存在缓冲区溢出漏洞。远程攻击者通过超长#EXTINF:M3U播放列表的扩展执行任意命令。

source: http://www.securityfocus.com/bid/1496/info

The M3U Playlist file parser in NullSoft Winamp does not perform proper bounds checking with the extension "#EXTINF:". Therefore, entering a string consisting of over 280 characters in conjunction with this parameter will cause a buffer overflow condition which will either crash the application or allow for arbitrary code to be executed, depending on the data entered.

Cut and paste the following into a M3U file:

EXTM3U
#EXTINF:<string of of over 280 characters>

来源:XF
名称:winamp-playlist-parser-bo
链接:http://xforce.iss.net/static/4956.php
来源:www.winamp.com
链接:http://www.winamp.com/getwinamp/newfeatures.jhtml
来源:BID
名称:1496
链接:http://www.securityfocus.com/bid/1496
来源:BUGTRAQ
名称:20000720WinampM3Uplaylistparserbufferoverflowsecurityvulnerability
链接:http://archives.neohapsis.com/archives/bugtraq/2000-07/0289.html