There is a buffer overflow vulnerability in an ActiveX control that is part of Xunlei Web Thunder 220.127.116.114. It may allow remote attackers to execute arbitrary code via a long first argument to the DownURL2 method.
Xunlei Web Thunder 18.104.22.1684
System compromise, remote code execution.
Currently we are not aware of any vendor supplied patches for this issue.