Published:2010/08/20  Last Updated:2010/08/20

JVN#21471805
Winny vulnerable to buffer overflow
Critical

Overview

Winny contains a buffer overflow vulnerability.

Products Affected

  • Winny 2.0b7.1 and earlier

Description

Winny is a P2P file sharing software. Winny contains a buffer overflow vulnerability.

This vulnerability is different from JVN#91740962 and JVN#74294680.

Impact

A remote attacker may be able to execute arbitary code.

Solution

Do not use Winny
Please discontinue use of Winny.

Vendor Status

References

JPCERT/CC Addendum

According to the attorney of the developer, due to the on-going litigation, there is no timetable for an update as of August 20, 2010.

Vulnerability Analysis by JPCERT/CC

Credit

Makoto Iwamura of NTT Information Sharing Platform Laboratories reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Moti Joseph and Kobi Pariente reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2010-2360
JVN iPedia JVNDB-2010-000029