CVE-2009-3996

Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.

Published: Dec 18, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-3996
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
nullsoft / winamp	2.6x	2.6x.x
nullsoft / winamp	5.093	5.093.x
nullsoft / winamp	2.64	2.64.x
nullsoft / winamp	5.552	5.552.x
nullsoft / winamp	5.36	5.36.x
nullsoft / winamp	5.24	5.24.x
nullsoft / winamp	2.62	2.62.x
nullsoft / winamp	5.111	5.111.x
nullsoft / winamp	2.24	2.24.x
nullsoft / winamp	0.92	0.92.x
nullsoft / winamp	5.09	5.09.x
nullsoft / winamp	2.6	2.6.x
nullsoft / winamp	2.70	2.70.x
nullsoft / winamp	2.9	2.9.x
nullsoft / winamp	2.50	2.50.x
nullsoft / winamp	5.31	5.31.x
nullsoft / winamp	5.05	5.05.x
nullsoft / winamp	2.72	2.72.x
nullsoft / winamp	5.23	5.23.x
nullsoft / winamp	2.73	2.73.x
nullsoft / winamp	2.90	2.90.x
raphael_assenat / libmikmod	3.1.12	3.1.12.x
nullsoft / winamp	2.60	2.60.x
nullsoft / winamp	0.20a	0.20a.x
nullsoft / winamp	2.61	2.61.x
nullsoft / winamp	5.112	5.112.x
nullsoft / winamp	2.75	2.75.x
nullsoft / winamp	5.02	5.02.x
nullsoft / winamp	5.551	5.551.x
nullsoft / winamp	5.01	5.01.x
nullsoft / winamp	5.53	5.53.x
nullsoft / winamp	5.531	5.531.x
nullsoft / winamp	5.33	5.33.x
nullsoft / winamp	2.65	2.65.x
nullsoft / winamp	5.54	5.54.x
nullsoft / winamp	5.5	5.5.x
nullsoft / winamp	5.34	5.34.x
nullsoft / winamp	5.0.2	5.0.2.x
nullsoft / winamp	3.1	3.1.x
nullsoft / winamp	5.12	5.12.x
nullsoft / winamp	5.08-d	5.08-d.x
nullsoft / winamp	2.76	2.76.x
nullsoft / winamp	2.80	2.80.x
nullsoft / winamp	2.91	2.91.x
nullsoft / winamp	5.21	5.21.x
nullsoft / winamp	5.094	5.094.x
nullsoft / winamp	5.1	5.1.x
nullsoft / winamp	2.74	2.74.x
nullsoft / winamp	5.3	5.3.x
nullsoft / winamp	5.55	5.55.x
nullsoft / winamp	2.71	2.71.x
nullsoft / winamp	5.08-e	5.08-e.x
nullsoft / winamp	5.04	5.04.x
nullsoft / winamp	5.03a	5.03a.x
nullsoft / winamp	5.32	5.32.x
nullsoft / winamp	1.90	1.90.x
nullsoft / winamp	2.78	2.78.x
nullsoft / winamp	2.81	2.81.x
nullsoft / winamp	5.08d	5.08d.x
nullsoft / winamp	-	5.56.x
nullsoft / winamp	5.08	5.08.x
nullsoft / winamp	1.006	1.006.x
nullsoft / winamp	5.0.1	5.0.1.x
nullsoft / winamp	2.77	2.77.x
nullsoft / winamp	5.11	5.11.x
nullsoft / winamp	2.5e	2.5e.x
nullsoft / winamp	2.4	2.4.x
nullsoft / winamp	5.51	5.51.x
nullsoft / winamp	5.06	5.06.x
nullsoft / winamp	5.541	5.541.x
nullsoft / winamp	2.0	2.0.x
nullsoft / winamp	5.07	5.07.x
nullsoft / winamp	5.13	5.13.x
nullsoft / winamp	2.10	2.10.x
nullsoft / winamp	5.091	5.091.x
nullsoft / winamp	5.52	5.52.x
nullsoft / winamp	5.2	5.2.x
nullsoft / winamp	3.0	3.0.x
nullsoft / winamp	2.95	2.95.x
nullsoft / winamp	5.03	5.03.x
nullsoft / winamp	2.7x	2.7x.x
nullsoft / winamp	2.79	2.79.x
nullsoft / winamp	5.0	5.0.x
nullsoft / winamp	5.08e	5.08e.x
nullsoft / winamp	5.08-c	5.08-c.x
nullsoft / winamp	5.35	5.35.x
nullsoft / winamp	5.22	5.22.x
nullsoft / winamp	5.08c	5.08c.x
nullsoft / winamp	2.92	2.92.x

Vulnerability Database

CVE-2009-3996

Deep Security Visibility Without the Complexity