
Test ID: 1.3.6.1.4.1.25623.1.0.901085
Category: Buffer overflow
Title: Winamp Module Decoder Plug-in Multiple Buffer Overflow Vulnerabilities
Summary: Winamp is prone to multiple Buffer Overflow vulnerabilities.
Description:
Summary:
Winamp is prone to multiple Buffer Overflow vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- Boundary errors in the Module Decoder Plug-in (IN_MOD.DLL) when parsing
instrument definitions, samples or Ultratracker files.

- An integer overflow error in the Module Decoder Plug-in when parsing crafted
Oktalyzer, PNG or JPEG files.

Vulnerability Impact:
An attacker may leverage these issues to execute arbitrary code in the context
of the affected application and can cause a denial of service.

Affected Software/OS:
Winamp versions prior to 5.57 on Windows.

Solution:
Upgrade to version 5.57.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2009-3995
BugTraq ID: 37374
http://www.securityfocus.com/bid/37374
Bugtraq: 20091217 Secunia Research: Winamp Impulse Tracker Instrument Parsing Buffer Overflows
http://www.securityfocus.com/archive/1/508527/100/0/threaded
Bugtraq: 20091217 Secunia Research: Winamp Impulse Tracker Sample Parsing Buffer Overflow
http://www.securityfocus.com/archive/1/508526/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2010:151
http://secunia.com/secunia_research/2009-52/
http://secunia.com/secunia_research/2009-53/
http://secunia.com/secunia_research/2009-55/
http://secunia.com/advisories/37495
http://secunia.com/advisories/40799
SuSE Security Announcement: SUSE-SR:2010:011
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://www.vupen.com/english/advisories/2009/3575
http://www.vupen.com/english/advisories/2010/1107
http://www.vupen.com/english/advisories/2010/1957
Common Vulnerability Exposure (CVE) ID: CVE-2009-3996
Bugtraq: 20091217 Secunia Research: Winamp Ultratracker File Parsing Buffer Overflow
http://www.securityfocus.com/archive/1/508528/100/0/threaded
http://secunia.com/secunia_research/2009-56/
Common Vulnerability Exposure (CVE) ID: CVE-2009-3997
Bugtraq: 20091217 Secunia Research: Winamp Oktalyzer Parsing Integer Overflow Vulnerability
http://www.securityfocus.com/archive/1/508524/100/0/threaded
http://secunia.com/secunia_research/2009-57/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15715
Common Vulnerability Exposure (CVE) ID: CVE-2009-4356
BugTraq ID: 37387
http://www.securityfocus.com/bid/37387
Bugtraq: 20091217 VUPEN Security Research - Winamp PNG and JPEG Data Integer Overflow Vulnerabilities
http://www.securityfocus.com/archive/1/508532/100/0/threaded
http://www.vupen.com/exploits/Winamp_png_w5s_PNG_Data_Processing_Integer_Overflow_PoC_3576274.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15743
http://www.vupen.com/english/advisories/2009/3576
Copyright: Copyright (C) 2009 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.