CVE-2010-3137

Name of the Vulnerable Software and Affected Versions Nullsoft Winamp version 5.581, and probably other versions

Description The issue allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks. This can be achieved via a Trojan horse wnaspi32.dll located in the same folder as certain file types, including .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf, or .cda files.

Recommendations For Nullsoft Winamp version 5.581, consider removing or restricting access to the wnaspi32.dll file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.