Vulnerability Details : CVE-2009-3995
Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.
Vulnerability category: Execute code
Products affected by CVE-2009-3995
- cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.7x:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.6x:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.77:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.78:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.79:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.81:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.60:*:lite:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.61:*:full:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.62:*:standard:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.80:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.65:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.70:*:full:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.76:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.71:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.72:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.73:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.73:*:full:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.74:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.64:*:standard:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.70:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.75:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.50:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.5e:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.60:*:full:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.24:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.64:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.03a:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.90:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.62:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.36:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.60:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.61:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08:e:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08:d:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08:c:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.552:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.551:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.531:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.92:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:raphael_assenat:libmikmod:3.1.12:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-3995
9.81%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-3995
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2009-3995
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-3995
-
http://secunia.com/advisories/37495
About Secunia Research | FlexeraVendor Advisory
-
http://forums.winamp.com/showthread.php?threadid=315355
Just a moment...
-
http://secunia.com/secunia_research/2009-53/
About Secunia Research | FlexeraVendor Advisory
-
http://www.vupen.com/english/advisories/2009/3575
Site en constructionPatch;Vendor Advisory
-
http://secunia.com/secunia_research/2009-55/
About Secunia Research | FlexeraVendor Advisory
-
http://www.vupen.com/english/advisories/2010/1107
Webmail | OVH- OVHVendor Advisory
-
http://www.securityfocus.com/archive/1/508526/100/0/threaded
-
http://www.securityfocus.com/archive/1/508527/100/0/threaded
-
http://www.mandriva.com/security/advisories?name=MDVSA-2010:151
mandriva.com
-
http://www.vupen.com/english/advisories/2010/1957
Webmail | OVH- OVHVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:011
-
http://secunia.com/secunia_research/2009-52/
About Secunia Research | FlexeraVendor Advisory
-
http://www.securityfocus.com/bid/37374
-
http://secunia.com/advisories/40799
Sign inVendor Advisory
Jump to