http://www.zdnetasia.com/news/security/0,39044215,39310016,00.htm
After surfing to a malicious Web site on our test machines, the file ‘x.pls’ begins to download," Sunbelt’s Adam Thomas wrote in a posting on the anti-spyware software maker’s corporate blog. “Almost immediately, Winamp starts to execute the play list and remote code execution begins.”
