---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: libmikmod Module Parsing Vulnerabilities SECUNIA ADVISORY ID: SA37775 VERIFY ADVISORY: http://secunia.com/advisories/37775/ DESCRIPTION: Secunia Research has discovered some vulnerabilities in libmikmod, which can be exploited by malicious people to potentially compromise a vulnerable system. 1) Three boundary errors in load_it.c when parsing instrument definitions can be exploited to cause heap-based buffer overflows via a specially crafted Impulse Tracker (IT) file. 2) A boundary error in load_ult.c can be exploited to cause a heap-based buffer overflow via a specially crafted Ultratracker (ULT) file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are confirmed in version 3.1.12. Other versions may also be affected. SOLUTION: The vulnerabilities are fixed in the CVS repository. PROVIDED AND/OR DISCOVERED BY: Dyon Balding, Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2009-55/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------