The vulnerability is found in Winamp 5.12, the latest version of the media player. Earlier versions may also be affected, Secunia said.
Even though the security firm gave the vulnerability its highest rating for software threats, it noted that the number of people who use Winamp has declined over the years, so the scope of the problem is not as large as it once would have been.
"Winamp used to be the world's most popular MP3 player and is still quite popular, but as Windows Media Player has gotten better, some users have migrated over," said Thomas Kristensen, Secunia's chief technology officer.
Secunia is advising people to uninstall the player until America Online division Nullsoft, the maker of Winamp, develops an update for the flaw, especially as exploit code is circulating on the Internet.
"We aren't aware of any systems that have been compromised yet, but it's likely to happen since there's exploit code out," Kristensen said.
The vulnerability could be exploited when a Winamp user visits a malicious Web site and a tainted media file is launched onto the person's system. A buffer overflow is triggered, which allows the attacker to take control of the computer without being constrained by security measures, Kristensen noted.
The flaw was initially discovered by AtmacA.
The vulnerability is not the first to be found in the Winamp software. In late 2004, a highly critical flaw was found in the playlist files for the Winamp player.