遂にWinnyの脆弱性もOSVDBに載るようになりました

Security 4月 26, 2006
(Last Updated On: 2006年4月26日)

A remote overflow exists in Winny. Winny fails to perform proper bounds checking of unspecified file transfer port commands resulting in a heap-based buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution in the context of the user who executed the Winny, resulting in a loss of integrity.

EEyeのアドバイザリが英語なので載ってもおかしくないですがSPAMMERに知られると即刻悪用されそうな気がします。

投稿者: yohgaki