Heap-based Buffer Overflow in Winamp's Module Decoder Plug-in
CVE-2009-3996

Currently unrated

Key Information:

Vendor

Nullsoft

Status
Winamp
LIBMikmod
Vendor
CVE Published:
18 December 2009

What is CVE-2009-3996?

The vulnerability involves a heap-based buffer overflow in the IN_MOD.DLL, also known as the Module Decoder Plug-in, specific to Winamp versions prior to 5.57. This flaw can be exploited by remote attackers when the application processes specially crafted Ultratracker files. Successful exploitation may lead to arbitrary code execution on the user's system, potentially allowing unauthorized access or control over the affected device.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.mandriva.com/security/advisories?name=MDVSA-20...
vendor-advisoryx_refsource_MANDRIVA
http://forums.winamp.com/showthread.php?threadid=315355
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/1107
vdb-entryx_refsource_VUPEN

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.