Lucene search

[email protected]NVD:CVE-2009-3995

HistoryDec 18, 2009 - 6:30 p.m.

CVE-2009-3995

2009-12-1818:30:00

CWE-119

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.199 Low

EPSS

Percentile

96.4%

JSON

Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

nullsoftwinampRange≤5.56

nullsoftwinampMatch0.20a

nullsoftwinampMatch0.92

nullsoftwinampMatch1.006

nullsoftwinampMatch1.90

nullsoftwinampMatch2.0

nullsoftwinampMatch2.4

nullsoftwinampMatch2.5e

nullsoftwinampMatch2.6

nullsoftwinampMatch2.6x

nullsoftwinampMatch2.7x

nullsoftwinampMatch2.9

nullsoftwinampMatch2.10

nullsoftwinampMatch2.24

nullsoftwinampMatch2.50

nullsoftwinampMatch2.60

nullsoftwinampMatch2.60full

nullsoftwinampMatch2.60lite

nullsoftwinampMatch2.61

nullsoftwinampMatch2.61full

nullsoftwinampMatch2.62

nullsoftwinampMatch2.62standard

nullsoftwinampMatch2.64

nullsoftwinampMatch2.64standard

nullsoftwinampMatch2.65

nullsoftwinampMatch2.70

nullsoftwinampMatch2.70full

nullsoftwinampMatch2.71

nullsoftwinampMatch2.72

nullsoftwinampMatch2.73

nullsoftwinampMatch2.73full

nullsoftwinampMatch2.74

nullsoftwinampMatch2.75

nullsoftwinampMatch2.76

nullsoftwinampMatch2.77

nullsoftwinampMatch2.78

nullsoftwinampMatch2.79

nullsoftwinampMatch2.80

nullsoftwinampMatch2.81

nullsoftwinampMatch2.90

nullsoftwinampMatch2.91

nullsoftwinampMatch2.92

nullsoftwinampMatch2.95

nullsoftwinampMatch3.0

nullsoftwinampMatch3.1

nullsoftwinampMatch5.0

nullsoftwinampMatch5.0.1

nullsoftwinampMatch5.0.2

nullsoftwinampMatch5.01

nullsoftwinampMatch5.1

nullsoftwinampMatch5.1-surround

nullsoftwinampMatch5.02

nullsoftwinampMatch5.2

nullsoftwinampMatch5.3

nullsoftwinampMatch5.03

nullsoftwinampMatch5.03a

nullsoftwinampMatch5.04

nullsoftwinampMatch5.05

nullsoftwinampMatch5.5

nullsoftwinampMatch5.06

nullsoftwinampMatch5.07

nullsoftwinampMatch5.08

nullsoftwinampMatch5.08c

nullsoftwinampMatch5.08d

nullsoftwinampMatch5.08e

nullsoftwinampMatch5.08c

nullsoftwinampMatch5.08d

nullsoftwinampMatch5.08e

nullsoftwinampMatch5.09

nullsoftwinampMatch5.11

nullsoftwinampMatch5.12

nullsoftwinampMatch5.13

nullsoftwinampMatch5.21

nullsoftwinampMatch5.22

nullsoftwinampMatch5.23

nullsoftwinampMatch5.24

nullsoftwinampMatch5.31

nullsoftwinampMatch5.32

nullsoftwinampMatch5.33

nullsoftwinampMatch5.34

nullsoftwinampMatch5.35

nullsoftwinampMatch5.36

nullsoftwinampMatch5.51

nullsoftwinampMatch5.52

nullsoftwinampMatch5.53

nullsoftwinampMatch5.54

nullsoftwinampMatch5.55

nullsoftwinampMatch5.091

nullsoftwinampMatch5.093

nullsoftwinampMatch5.094

nullsoftwinampMatch5.111

nullsoftwinampMatch5.112

nullsoftwinampMatch5.531

nullsoftwinampMatch5.541

nullsoftwinampMatch5.551

nullsoftwinampMatch5.552

raphael_assenatlibmikmodMatch3.1.12

References

forums.winamp.com/showthread.php?threadid=315355

lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

secunia.com/advisories/37495

secunia.com/advisories/40799

secunia.com/secunia_research/2009-52/

secunia.com/secunia_research/2009-53/

secunia.com/secunia_research/2009-55/

www.mandriva.com/security/advisories?name=MDVSA-2010:151

www.securityfocus.com/archive/1/508526/100/0/threaded

www.securityfocus.com/archive/1/508527/100/0/threaded

www.securityfocus.com/bid/37374

www.vupen.com/english/advisories/2009/3575

www.vupen.com/english/advisories/2010/1107

www.vupen.com/english/advisories/2010/1957

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.199 Low

EPSS

Percentile

96.4%

JSON

Related for NVD:CVE-2009-3995

securityvulns6 cvelist3 veracode1 cve3 ubuntucve4 debiancve3 prion3 nessus17 openvas23 nvd2 fedora2 debian2 osv1 seebug1 redhat1 oraclelinux1 centos1 altlinux1 ubuntu1