There is a buffer overflow vulnerability in an ActiveX control that is part of Xunlei Web Thunder 22.214.171.1244. It may allow remote attackers to execute arbitrary code via a long first argument to the DownURL2 method.
Xunlei Web Thunder 126.96.36.1994
System compromise, remote code execution.
Currently we are not aware of any vendor supplied patches for this issue.