Multiple vulnerabilities have been discovered in the favorite lossless audio format, FLAC, that allow the potential of remote code execution through unpatched media players including Foobar2000 (but not Winamp 5.5). For those who enjoy freely distributed concert bootlegs in lossless format, as supported by the originating musicians, or other contents from other sources, this is a new risk.

US-CERT Notice (http://www.kb.cert.org/vuls/id/544656)

SecurityFocus BugTraq (http://www.securityfocus.com/archive/1/483765/30/0/threaded)

- JP

DB Power amp has fixed this in their Beta.
Foobar is still vulnerable.
Note that this does NOT affect stuff you have ripped, only something your might get from a third party.