Xunlei: Security Vulnerabilities
Xunlei Thunder before 7.2.6 allows remote attackers to execute arbitrary code via a crafted file, related to a "DLL injection vulnerability."
CVSS Score
7.5
EPSS Score
0.019
Published
2012-04-11
Heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control in pplayer.dll_1_work in Xunlei Thunder 5.7.4.401 allows remote attackers to execute arbitrary code via a long string in a FlvPlayerUrl property value. NOTE: some of these details are obtained from third party information.
CVSS Score
6.0
EPSS Score
0.121
Published
2007-11-27
Buffer overflow in a certain ActiveX control in Xunlei Web Thunder 5.6.9.344, possibly the DapPlayer ActiveX control in DapPlayer_Now.dll, allows remote attackers to execute arbitrary code via a long first argument to the DownURL2 method. NOTE: some of these details are obtained from third party information.
CVSS Score
6.8
EPSS Score
0.054
Published
2007-09-24
The ThunderServer.webThunder.1 ActiveX control in xunlei Web Thunderbolt 1.7.3.109 allows remote attackers to download arbitrary files and conduct other unauthorized actions by invoking dangerous methods.
CVSS Score
9.3
EPSS Score
0.006
Published
2007-06-20