Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux.
https://exchange.xforce.ibmcloud.com/vulnerabilities/10983
http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html