Published:2010/08/20 Last Updated:2010/08/20

JVN#91740962
Winny vulnerable to buffer overflow
Critical

Overview

Winny contains a buffer overflow vulnerability.

Products Affected

Winny 2.0b7.1 and earlier

Description

Winny is a P2P file sharing software. Winny contains a buffer overflow vulnerability.

This vulnerability is different from JVN#21471805 and JVN#74294680.

Impact

A remote attacker may be able to execute arbitary code.

Solution

Do not use Winny
Please discontinue use of Winny.

Vendor Status

References

JPCERT/CC Addendum

According to the attorney of the developer, due to the on-going litigation, there is no timetable for an update as of August 20, 2010.

Vulnerability Analysis by JPCERT/CC

Credit

Moti Joseph and Kobi Pariente reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE	CVE-2010-2360
JVN iPedia	JVNDB-2010-000030

JVN
HOME
What is JVN ?
Instructions
List of Vulnerability Report
VN_JP
VN_JP(Unreachable)
VN_VU
TA
TRnotes
JVN iPedia
MyJVN
JVNJS/RSS
Vendor List
List of unreachable developers
Contact

JVN#91740962 Winny vulnerable to buffer overflow Critical