i reported this vuln to winamp.com 7 months ago and it was never fixed i never released full advisory on it.