Test ID:	1.3.6.1.4.1.25623.1.0.901085
Category:	Buffer overflow
Title:	Winamp Module Decoder Plug-in Multiple Buffer Overflow Vulnerabilities
Summary:	Check for the version of Winamp
Description:	Overview: This host is installed with Winamp and is prone to multiple Buffer Overflow vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - Boundary errors in the Module Decoder Plug-in (IN_MOD.DLL) when parsing instrument definitions, samples or Ultratracker files. - An integer overflow error in the Module Decoder Plug-in when parsing crafted Oktalyzer PNG or JPEG Files. Impact: Attacker may leverage this issue by executing arbitrary codes in the context of the affected application and can cause denial of service. Impact Level: System/Application Affected Software/OS: Winamp version prior to 5.57 on Windows. Fix: Upgrade to the version 5.57, http://www.winamp.com/player References: http://secunia.com/advisories/37495 http://secunia.com/secunia_research/2009-56 http://www.vupen.com/english/advisories/2009/3575 http://www.vupen.com/english/advisories/2009/3576 http://forums.winamp.com/showthread.php?threadid=315355 http://www.securityfocus.com/archive/1/archive/1/508528/100/0/threaded
Cross-Ref:	BugTraq ID: 37374 BugTraq ID: 37387 Common Vulnerability Exposure (CVE) ID: CVE-2009-3995 Bugtraq: 20091217 Secunia Research: Winamp Impulse Tracker Instrument Parsing Buffer Overflows (Google Search) http://www.securityfocus.com/archive/1/archive/1/508527/100/0/threaded Bugtraq: 20091217 Secunia Research: Winamp Impulse Tracker Sample Parsing Buffer Overflow (Google Search) http://www.securityfocus.com/archive/1/archive/1/508526/100/0/threaded http://secunia.com/secunia_research/2009-52/ http://secunia.com/secunia_research/2009-53/ http://secunia.com/secunia_research/2009-55/ http://www.mandriva.com/security/advisories?name=MDVSA-2010:151 SuSE Security Announcement: SUSE-SR:2010:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://www.securityfocus.com/bid/37374 http://secunia.com/advisories/37495 http://secunia.com/advisories/40799 http://www.vupen.com/english/advisories/2009/3575 http://www.vupen.com/english/advisories/2010/1107 http://www.vupen.com/english/advisories/2010/1957 Common Vulnerability Exposure (CVE) ID: CVE-2009-3996 Bugtraq: 20091217 Secunia Research: Winamp Ultratracker File Parsing Buffer Overflow (Google Search) http://www.securityfocus.com/archive/1/archive/1/508528/100/0/threaded http://secunia.com/secunia_research/2009-56/ Common Vulnerability Exposure (CVE) ID: CVE-2009-3997 Bugtraq: 20091217 Secunia Research: Winamp Oktalyzer Parsing Integer Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/archive/1/508524/100/0/threaded http://secunia.com/secunia_research/2009-57/ http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:15715 Common Vulnerability Exposure (CVE) ID: CVE-2009-4356 Bugtraq: 20091217 VUPEN Security Research - Winamp PNG and JPEG Data Integer Overflow Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/archive/1/508532/100/0/threaded http://www.vupen.com/exploits/Winamp_png_w5s_PNG_Data_Processing_Integer_Overflow_PoC_3576274.php http://www.securityfocus.com/bid/37387 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:15743 http://www.vupen.com/english/advisories/2009/3576
Copyright	Copyright (C) 2009 SecPod

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: