Информационная безопасность
[RU] switch to English


Многочисленные уязвимости в Nullsoft WinAmp
Опубликовано:17 декабря 2009 г.
Источник:
SecurityVulns ID:10480
Тип:клиент
Уровень опасности:
7/10
Описание:Переполнения буфера и целочисленные переполнения при разборе файлов Oktalyzer, Ultratracker, Impulse Tracker, JPEG, PNG.
Затронутые продукты:NULLSOFT : Winamp 5.56
CVE:CVE-2009-3997 (Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57 might allow remote attackers to execute arbitrary code via an Oktalyzer file that triggers a heap-based buffer overflow.)
 CVE-2009-3996 (Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.)
 CVE-2009-3995 (Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.)
Оригинальный текстdocumentVUPEN Security Research, VUPEN Security Research - Winamp PNG and JPEG Data Integer Overflow Vulnerabilities (17.12.2009)
 documentSECUNIA, Secunia Research: Winamp Oktalyzer Parsing Integer Overflow Vulnerability (17.12.2009)
 documentSECUNIA, Secunia Research: Winamp Ultratracker File Parsing Buffer Overflow (17.12.2009)
 documentSECUNIA, Secunia Research: Winamp Impulse Tracker Sample Parsing Buffer Overflow (17.12.2009)
 documentSECUNIA, Secunia Research: Winamp Impulse Tracker Instrument Parsing Buffer Overflows (17.12.2009)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород