X

遂にWinnyの脆弱性もOSVDBに載るようになりました

(Last Updated On: )

A remote overflow exists in Winny. Winny fails to perform proper bounds checking of unspecified file transfer port commands resulting in a heap-based buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution in the context of the user who executed the Winny, resulting in a loss of integrity.

EEyeのアドバイザリが英語なので載ってもおかしくないですがSPAMMERに知られると即刻悪用されそうな気がします。

Categories: Security
yohgaki:
Related Post
Leave a Comment