Heap-based Buffer Overflow in Winamp's Module Decoder Plug-in
CVE-2009-3996

Currently unrated

Key Information:

Vendor

Nullsoft

CVE Published:
18 December 2009

What is CVE-2009-3996?

The vulnerability is a heap-based buffer overflow in IN_MOD.DLL, also known as the Module Decoder Plug-in, in Winamp versions prior to 5.57. Remote attackers can exploit this flaw when the application processes specially crafted Ultratracker files. Successful exploitation may lead to arbitrary code execution on the user's system, potentially allowing unauthorized access to or control over the affected device.

EPSS Score

9% chance of being exploited in the next 30 days.
