Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57 might allow remote attackers to execute arbitrary code via an Oktalyzer file that triggers a heap-based buffer overflow.
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
Nullsoft Winamp 5.541
Nullsoft Winamp 5.531
Nullsoft Winamp 5.112
Nullsoft Winamp 5.111
Nullsoft Winamp 5.094
Nullsoft Winamp 5.093
Nullsoft Winamp 5.091
Nullsoft Winamp 5.56
Nullsoft Winamp 5.55
Nullsoft Winamp 5.54
Nullsoft Winamp 5.53
Nullsoft Winamp 5.52
Nullsoft Winamp 5.51
Nullsoft Winamp 5.36
Nullsoft Winamp 5.35
Nullsoft Winamp 5.34
Nullsoft Winamp 5.33
Nullsoft Winamp 5.32
Nullsoft Winamp 5.31
Nullsoft Winamp 5.24
Nullsoft Winamp 5.23
Nullsoft Winamp 5.22
Nullsoft Winamp 5.21
Nullsoft Winamp 5.13
Nullsoft Winamp 5.12
Nullsoft Winamp 5.11
Nullsoft Winamp 5.09
Nullsoft Winamp 5.08e
Nullsoft Winamp 5.08d
Nullsoft Winamp 5.08c
Nullsoft Winamp 5.08 E (not an official CPE)
Nullsoft Winamp 5.08 D (not an official CPE)
Nullsoft Winamp 5.08 C (not an official CPE)
Nullsoft Winamp 5.08 (not an official CPE)
Nullsoft Winamp 5.07
Nullsoft Winamp 5.06
Nullsoft Winamp 5.5
Nullsoft Winamp 5.04
Nullsoft Winamp 5.03a (not an official CPE)
Nullsoft Winamp 5.03
Nullsoft Winamp 5.02
Nullsoft Winamp 5.1 Surround Edition
Nullsoft Winamp 5.01
Nullsoft Winamp 5.0.2 (not an official CPE)
Nullsoft Winamp 5.0.1 (not an official CPE)
Nullsoft Winamp 5.0
Nullsoft Winamp 3.1 (not an official CPE)
Nullsoft Winamp 3.0 (not an official CPE)
Nullsoft Winamp 2.95
Nullsoft Winamp 2.92
Nullsoft Winamp 2.91
Nullsoft Winamp 2.90 (not an official CPE)
Nullsoft Winamp 2.81 (not an official CPE)
Nullsoft Winamp 2.80 (not an official CPE)
Nullsoft Winamp 2.79 (not an official CPE)
Nullsoft Winamp 2.78 (not an official CPE)
Nullsoft Winamp 2.77 (not an official CPE)
Nullsoft Winamp 2.76 (not an official CPE)
Nullsoft Winamp 2.75 (not an official CPE)
Nullsoft Winamp 2.74 (not an official CPE)
Nullsoft Winamp 2.73 Full (not an official CPE)
Nullsoft Winamp 2.73 (not an official CPE)
Nullsoft Winamp 2.72 (not an official CPE)
Nullsoft Winamp 2.71 (not an official CPE)
Nullsoft Winamp 2.70 Full (not an official CPE)
Nullsoft Winamp 2.70 (not an official CPE)
Nullsoft Winamp 2.65 (not an official CPE)
Nullsoft Winamp 2.64 Standard (not an official CPE)
Nullsoft Winamp 2.64 (not an official CPE)
Nullsoft Winamp 2.62 Standard (not an official CPE)
Nullsoft Winamp 2.62 (not an official CPE)
Nullsoft Winamp 2.61 Full (not an official CPE)
Nullsoft Winamp 2.61 (not an official CPE)
Nullsoft Winamp 2.60 Lite (not an official CPE)
Nullsoft Winamp 2.60 Full (not an official CPE)
Nullsoft Winamp 2.60 (not an official CPE)
Nullsoft Winamp 2.50 (not an official CPE)
Nullsoft Winamp 2.24 (not an official CPE)
Nullsoft Winamp 2.10
Nullsoft Winamp 2.9
Nullsoft Winamp 2.7x (not an official CPE)
Nullsoft Winamp 2.6x (not an official CPE)
Nullsoft Winamp 2.6
Nullsoft Winamp 2.5e (not an official CPE)
Nullsoft Winamp 2.4 (not an official CPE)
Nullsoft Winamp 2.0
Nullsoft Winamp 1.90
Nullsoft Winamp 1.006
Nullsoft Winamp 0.92
Nullsoft Winamp 0.20a
Nullsoft Winamp 5.551
Nullsoft Winamp 5.552
Advisory | Patch | Confirmed | Link |
---|---|---|---|
ADV-2009-3575 | | | |
37374 | | | |
http://forums.winamp.com/showthread.php?threadid=315355 | | | |
20091217 Secunia Research: Winamp Oktalyzer Parsing Inte... | | | |