CVE-2009-3996: libmikmod: arbitrary code execution via crafted Impulse Tracker or Ultratracker files

Severity: Critical

CVSS Score: 9.3

Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.