According to Bitdefender Research, a buffer overflow vulnerability in BS.Player 2.57 that was identified in 2010is still present in the current 2.68 version.
Bitdefender Research says a buffer overflow can be triggered by a .m3u file containing a long URL. The problem is that one of BS.Player's modules copies the URL into a stack-allocated buffer without first checking that it can fit (bounds checking).
The vulnerability can be exploited on Windows XP and Windows 7 - but not on Windows 8 as Structured Exception Handler Overwrite Protection is enabled by default.
Bitdefender pointed out that buffer overflow exploits are often missed by security software as the code being executed appears to be part of a known, legitimate application.
So "A little caution can go a long way and as such, it is best to avoid opening email attachments from suspect sources or clicking on strange links received either via email or social networks."