Lucene search
HistoryDec 18, 2009 - 7:30 p.m.
CVE-2009-3996
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.7
Confidence
Low
EPSS
0.192
Percentile
96.3%
Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.
Affected configurations
Node
nullsoftwinampRangeβ€5.56
ORnullsoftwinampMatch0.20a
ORnullsoftwinampMatch0.92
ORnullsoftwinampMatch1.006
ORnullsoftwinampMatch1.90
ORnullsoftwinampMatch2.0
ORnullsoftwinampMatch2.4
ORnullsoftwinampMatch2.5e
ORnullsoftwinampMatch2.6
ORnullsoftwinampMatch2.6x
ORnullsoftwinampMatch2.7x
ORnullsoftwinampMatch2.9
ORnullsoftwinampMatch2.10
ORnullsoftwinampMatch2.24
ORnullsoftwinampMatch2.50
ORnullsoftwinampMatch2.60
ORnullsoftwinampMatch2.60full
ORnullsoftwinampMatch2.60lite
ORnullsoftwinampMatch2.61
ORnullsoftwinampMatch2.61full
ORnullsoftwinampMatch2.62
ORnullsoftwinampMatch2.62standard
ORnullsoftwinampMatch2.64
ORnullsoftwinampMatch2.64standard
ORnullsoftwinampMatch2.65
ORnullsoftwinampMatch2.70
ORnullsoftwinampMatch2.70full
ORnullsoftwinampMatch2.71
ORnullsoftwinampMatch2.72
ORnullsoftwinampMatch2.73
ORnullsoftwinampMatch2.73full
ORnullsoftwinampMatch2.74
ORnullsoftwinampMatch2.75
ORnullsoftwinampMatch2.76
ORnullsoftwinampMatch2.77
ORnullsoftwinampMatch2.78
ORnullsoftwinampMatch2.79
ORnullsoftwinampMatch2.80
ORnullsoftwinampMatch2.81
ORnullsoftwinampMatch2.90
ORnullsoftwinampMatch2.91
ORnullsoftwinampMatch2.92
ORnullsoftwinampMatch2.95
ORnullsoftwinampMatch3.0
ORnullsoftwinampMatch3.1
ORnullsoftwinampMatch5.0
ORnullsoftwinampMatch5.0.1
ORnullsoftwinampMatch5.0.2
ORnullsoftwinampMatch5.01
ORnullsoftwinampMatch5.1
ORnullsoftwinampMatch5.1-surround
ORnullsoftwinampMatch5.02
ORnullsoftwinampMatch5.2
ORnullsoftwinampMatch5.3
ORnullsoftwinampMatch5.03
ORnullsoftwinampMatch5.03a
ORnullsoftwinampMatch5.04
ORnullsoftwinampMatch5.05
ORnullsoftwinampMatch5.5
ORnullsoftwinampMatch5.06
ORnullsoftwinampMatch5.07
ORnullsoftwinampMatch5.08
ORnullsoftwinampMatch5.08c
ORnullsoftwinampMatch5.08d
ORnullsoftwinampMatch5.08e
ORnullsoftwinampMatch5.08c
ORnullsoftwinampMatch5.08d
ORnullsoftwinampMatch5.08e
ORnullsoftwinampMatch5.09
ORnullsoftwinampMatch5.11
ORnullsoftwinampMatch5.12
ORnullsoftwinampMatch5.13
ORnullsoftwinampMatch5.21
ORnullsoftwinampMatch5.22
ORnullsoftwinampMatch5.23
ORnullsoftwinampMatch5.24
ORnullsoftwinampMatch5.31
ORnullsoftwinampMatch5.32
ORnullsoftwinampMatch5.33
ORnullsoftwinampMatch5.34
ORnullsoftwinampMatch5.35
ORnullsoftwinampMatch5.36
ORnullsoftwinampMatch5.51
ORnullsoftwinampMatch5.52
ORnullsoftwinampMatch5.53
ORnullsoftwinampMatch5.54
ORnullsoftwinampMatch5.55
ORnullsoftwinampMatch5.091
ORnullsoftwinampMatch5.093
ORnullsoftwinampMatch5.094
ORnullsoftwinampMatch5.111
ORnullsoftwinampMatch5.112
ORnullsoftwinampMatch5.531
ORnullsoftwinampMatch5.541
ORnullsoftwinampMatch5.551
ORnullsoftwinampMatch5.552
ORraphael_assenatlibmikmodMatch3.1.12
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nullsoft | winamp | * | cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:* |
| nullsoft | winamp | 0.20a | cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:* |
| nullsoft | winamp | 0.92 | cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:* |
| nullsoft | winamp | 1.006 | cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:* |
| nullsoft | winamp | 1.90 | cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:* |
| nullsoft | winamp | 2.0 | cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:* |
| nullsoft | winamp | 2.4 | cpe:2.3:a:nullsoft:winamp:2.4:*:*:*:*:*:*:* |
| nullsoft | winamp | 2.5e | cpe:2.3:a:nullsoft:winamp:2.5e:*:*:*:*:*:*:* |
| nullsoft | winamp | 2.6 | cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:* |
| nullsoft | winamp | 2.6x | cpe:2.3:a:nullsoft:winamp:2.6x:*:*:*:*:*:*:* |
References
forums.winamp.com/showthread.php?threadid=315355
lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
secunia.com/advisories/37495
secunia.com/secunia_research/2009-55/
secunia.com/secunia_research/2009-56/
www.mandriva.com/security/advisories?name=MDVSA-2010:151
www.securityfocus.com/archive/1/508528/100/0/threaded
www.securityfocus.com/bid/37374
www.vupen.com/english/advisories/2009/3575
www.vupen.com/english/advisories/2010/1107
Related
prion
prion
Heap overflow
2009-12-18 19:30:00
securityvulns
securityvulns
Secunia Research: Winamp Ultratracker File Parsing Buffer Overflow
2009-12-17 00:00:00
Secunia Research: libmikmod Module Parsing Vulnerabilities
2010-02-08 00:00:00
libmikmod multiple buffer overflows
2010-08-14 00:00:00
debiancve
debiancve
CVE-2009-3996
2009-12-18 19:30:00
cvelist
cvelist
CVE-2009-3996
2009-12-18 19:00:00
cve
cve
CVE-2009-3996
2009-12-18 19:30:00
openvas
openvas
Fedora Update for libmikmod FEDORA-2010-13702
2010-09-10 00:00:00
Debian: Security Advisory (DSA-2071-1)
2010-07-22 00:00:00
Debian Security Advisory DSA 2071-1 (libmikmod)
2010-07-22 00:00:00
ubuntucve
ubuntucve
CVE-2009-3996
2009-12-18 00:00:00
debian
debian
[SECURITY] [DSA 2071-1] New libmikmod packages fix several vulnerabilities
2010-07-14 20:14:07
nessus
nessus
openSUSE Security Update : libmikmod (openSUSE-SU-2010:0209-1)
2010-05-05 00:00:00
openSUSE Security Update : libmikmod (openSUSE-SU-2010:0209-1)
2010-05-05 00:00:00
Fedora 13 : libmikmod-3.2.0-11.beta2.fc13 (2010-13702)
2010-09-09 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: libmikmod-3.2.0-11.beta2.fc14
2010-09-08 04:36:46
[SECURITY] Fedora 13 Update: libmikmod-3.2.0-11.beta2.fc13
2010-09-09 01:12:11
centos
centos
mikmod security update
2010-09-29 09:47:44
oraclelinux
oraclelinux
mikmod security update
2010-09-28 00:00:00
seebug
seebug
Winamp樑ε解η ε¨ζδ»Άε€δΈͺηΌε²εΊζΊ’εΊζΌζ΄
2009-12-18 00:00:00
redhat
redhat
(RHSA-2010:0720) Moderate: mikmod security update
2010-09-28 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package libmikmod version 3.1.11-alt0.8
2010-08-26 00:00:00
ubuntu
ubuntu
libMikMod vulnerabilities
2010-09-29 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.7
Confidence
Low
EPSS
0.192
Percentile
96.3%
Related for NVD:CVE-2009-3996