• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Xunlei Web Thunder ThunderServer.webThunder.1 ActiveX Control Arbitrary File Download Vulnerability

Xunlei Web Thunder ThunderServer.WebThunder.1 ActiveX control is prone to an arbitrary-file-download vulnerability.

An attacker may exploit this issue by enticing victims into visiting a maliciously crafted webpage.

Successful exploits will allow remote attackers to download files from arbitrary locations to the affected computer.

Symantec DeepSight has identified this issue as being actively exploited in the wild in at least one website.