Loading
Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.
Use CWE-119, Nullsoft vendor hub and Winamp product page to widen CVE-2009-3995 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2011-4857, CVE-2011-3834 and CVE-2010-4372 for nearby disclosures in the same product family.