Summary
Winamp is installed on this host and is prone to multiple buffer overflow vulnerabilities.
Impact
An attacker may exploit these issues to execute arbitrary code in the context of the affected application and can cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to version 5.57:
http://www.winamp.com/player
Insight
Multiple flaws are due to:
- Boundary errors in the Module Decoder Plug-in (IN_MOD.DLL) when parsing instrument definitions, samples or Ultratracker files.
- An integer overflow error in the Module Decoder Plug-in when parsing crafted Oktalyzer, PNG or JPEG files.
Affected
Winamp versions prior to 5.57 on Windows.
References
- http://forums.winamp.com/showthread.php?threadid=315355
- http://secunia.com/advisories/37495
- http://secunia.com/secunia_research/2009-56
- http://www.securityfocus.com/archive/1/archive/1/508528/100/0/threaded
- http://www.vupen.com/english/advisories/2009/3575
- http://www.vupen.com/english/advisories/2009/3576
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2009-3995, CVE-2009-3996, CVE-2009-3997, CVE-2009-4356
- CVSS Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)