Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote attackers to execute arbitrary code via long strings to certain commands sent to the file transfer port.
https://exchange.xforce.ibmcloud.com/vulnerabilities/25986
http://www.vupen.com/english/advisories/2006/1486
http://www.securityfocus.com/bid/17666
http://www.kb.cert.org/vuls/id/167033
http://www.eeye.com/html/research/advisories/AD20060421.html