IT security experts have uncovered a critical vulnerability in the popular Winamp media player, which could be exploited by hackers to compromise a user's system.

Security expert Brett Moore, from Security-Assessment.com, published an advisory detailing the flaw. "The vulnerability is caused due to a boundary error in the 'IN_CDDA.dll' file," it stated.

"This can be exploited in various ways to cause a stack-based buffer overflow, e.g. by tricking a user into visiting a malicious website containing a specially crafted '.m3u' playlist."

Yesterday the threat level of the flaw was raised to 'critical' after the discovery of a hacker exploit which takes advantage of the vulnerability. Successful exploitation allows execution of arbitrary code, said Moore.

The vulnerability has been reported in version 5.05 and confirmed in version 5.06. Prior versions may also be affected, according to Moore, and the flaw has not been fixed in Winamp version 5.06 contrary to vendor statements.

The best workaround for the hundred of thousands of users of the media player is to disassociate '.cda' and '.m3u' extensions from Winamp.