Computer Security

CVE-2009-3995
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



CVECVE-2009-3995
StatusCandidate
DescriptionMultiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file.  NOTE: some of these details are obtained from third party information.
SeverityHigh
CVSS score9,3
CVSS vector(AV:N/AC:M/Au:N/C:C/I:C/A:C)
PhaseAssigned (20.08.2010)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3995
ReferencesBID : 37374
 BUGTRAQ : 20091217 Secunia Research: Winamp Impulse Tracker Instrument Parsing Buffer Overflows
 BUGTRAQ : 20091217 Secunia Research: Winamp Impulse Tracker Sample Parsing Buffer Overflow
 CONFIRM : http://forums.winamp.com/showthread.php?threadid=3...
 MANDRIVA : MDVSA-2010:151
 MISC : http://secunia.com/secunia_research/2009-52/
 MISC : http://secunia.com/secunia_research/2009-53/
 MISC : http://secunia.com/secunia_research/2009-55/
 SECUNIA : 37495
 SECUNIA : 40799
 SUSE : SUSE-SR:2010:011
 VUPEN : ADV-2009-3575
 VUPEN : ADV-2010-1107
 VUPEN : ADV-2010-1957
SecurityVulns:Nullsoft WinAmp multiple security vulnerabilities
 libmikmod multiple buffer overflows
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server