A remote overflow exists in Winny. Winny fails to perform proper bounds checking of unspecified file transfer port commands resulting in a heap-based buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution in the context of the user who executed the Winny, resulting in a loss of integrity.
EEyeのアドバイザリが英語なので載ってもおかしくないですがSPAMMERに知られると即刻悪用されそうな気がします。
