Well I tried this against 1.1.3-1squeeze3 and I am not able to reproduce in 1.1.3-1squeeze5. The exploit file is in: http://www.zeroscience.mk/codes/aimp2_evil.mp3 (OSVDB ID: 62728). We can close this case. Thank you for noticing this. Best regards, Henri Salo