
Test ID: 1.3.6.1.4.1.25623.1.0.901085
Category: Buffer overflow
Title: Winamp Module Decoder Plug-in Multiple Buffer Overflow Vulnerabilities
Summary: This host is installed with Winamp and is prone to multiple buffer overflow vulnerabilities.
Description:
Summary:
This host is installed with Winamp and is prone to multiple buffer
overflow vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- Boundary errors in the Module Decoder Plug-in (IN_MOD.DLL) when parsing
instrument definitions, samples or Ultratracker files.

- An integer overflow error in the Module Decoder Plug-in when parsing crafted
Oktalyzer, PNG or JPEG files.

Vulnerability Impact:
An attacker may leverage these issues to execute arbitrary code in the context
of the affected application and can cause a denial of service.

Affected Software/OS:
Winamp versions prior to 5.57 on Windows.

Solution:
Upgrade to version 5.57.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-reference: BugTraq ID: 37374
BugTraq ID: 37387
Common Vulnerability Exposure (CVE) ID: CVE-2009-3995
http://www.securityfocus.com/bid/37374
Bugtraq: 20091217 Secunia Research: Winamp Impulse Tracker Instrument Parsing Buffer Overflows
http://www.securityfocus.com/archive/1/508527/100/0/threaded
Bugtraq: 20091217 Secunia Research: Winamp Impulse Tracker Sample Parsing Buffer Overflow
http://www.securityfocus.com/archive/1/508526/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2010:151
http://secunia.com/secunia_research/2009-52/
http://secunia.com/secunia_research/2009-53/
http://secunia.com/secunia_research/2009-55/
http://secunia.com/advisories/37495
http://secunia.com/advisories/40799
SuSE Security Announcement: SUSE-SR:2010:011
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://www.vupen.com/english/advisories/2009/3575
http://www.vupen.com/english/advisories/2010/1107
http://www.vupen.com/english/advisories/2010/1957
Common Vulnerability Exposure (CVE) ID: CVE-2009-3996
Bugtraq: 20091217 Secunia Research: Winamp Ultratracker File Parsing Buffer Overflow
http://www.securityfocus.com/archive/1/508528/100/0/threaded
http://secunia.com/secunia_research/2009-56/
Common Vulnerability Exposure (CVE) ID: CVE-2009-3997
Bugtraq: 20091217 Secunia Research: Winamp Oktalyzer Parsing Integer Overflow Vulnerability
http://www.securityfocus.com/archive/1/508524/100/0/threaded
http://secunia.com/secunia_research/2009-57/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15715
Common Vulnerability Exposure (CVE) ID: CVE-2009-4356
http://www.securityfocus.com/bid/37387
Bugtraq: 20091217 VUPEN Security Research - Winamp PNG and JPEG Data Integer Overflow Vulnerabilities
http://www.securityfocus.com/archive/1/508532/100/0/threaded
http://www.vupen.com/exploits/Winamp_png_w5s_PNG_Data_Processing_Integer_Overflow_PoC_3576274.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15743
http://www.vupen.com/english/advisories/2009/3576
Copyright: Copyright (C) 2009 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.