Test ID:	1.3.6.1.4.1.25623.1.0.901085
Category:	Buffer overflow
Title:	Winamp Module Decoder Plug-in Multiple Buffer Overflow Vulnerabilities
Summary:	Winamp is prone to multiple Buffer Overflow vulnerabilities.
Description:	Summary: Winamp is prone to multiple Buffer Overflow vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - Boundary errors in the Module Decoder Plug-in (IN_MOD.DLL) when parsing instrument definitions, samples or Ultratracker files. - An integer overflow error in the Module Decoder Plug-in when parsing crafted Oktalyzer PNG or JPEG Files. Vulnerability Impact: Attacker may leverage this issue by executing arbitrary codes in the context of the affected application and can cause denial of service. Affected Software/OS: Winamp version prior to 5.57 on Windows. Solution: Upgrade to the version 5.57. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3995 BugTraq ID: 37374 http://www.securityfocus.com/bid/37374 Bugtraq: 20091217 Secunia Research: Winamp Impulse Tracker Instrument Parsing Buffer Overflows (Google Search) http://www.securityfocus.com/archive/1/508527/100/0/threaded Bugtraq: 20091217 Secunia Research: Winamp Impulse Tracker Sample Parsing Buffer Overflow (Google Search) http://www.securityfocus.com/archive/1/508526/100/0/threaded http://www.mandriva.com/security/advisories?name=MDVSA-2010:151 http://secunia.com/secunia_research/2009-52/ http://secunia.com/secunia_research/2009-53/ http://secunia.com/secunia_research/2009-55/ http://secunia.com/advisories/37495 http://secunia.com/advisories/40799 SuSE Security Announcement: SUSE-SR:2010:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://www.vupen.com/english/advisories/2009/3575 http://www.vupen.com/english/advisories/2010/1107 http://www.vupen.com/english/advisories/2010/1957 Common Vulnerability Exposure (CVE) ID: CVE-2009-3996 Bugtraq: 20091217 Secunia Research: Winamp Ultratracker File Parsing Buffer Overflow (Google Search) http://www.securityfocus.com/archive/1/508528/100/0/threaded http://secunia.com/secunia_research/2009-56/ Common Vulnerability Exposure (CVE) ID: CVE-2009-3997 Bugtraq: 20091217 Secunia Research: Winamp Oktalyzer Parsing Integer Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/508524/100/0/threaded http://secunia.com/secunia_research/2009-57/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15715 Common Vulnerability Exposure (CVE) ID: CVE-2009-4356 BugTraq ID: 37387 http://www.securityfocus.com/bid/37387 Bugtraq: 20091217 VUPEN Security Research - Winamp PNG and JPEG Data Integer Overflow Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/508532/100/0/threaded http://www.vupen.com/exploits/Winamp_png_w5s_PNG_Data_Processing_Integer_Overflow_PoC_3576274.php https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15743 http://www.vupen.com/english/advisories/2009/3576
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.