Xunlei Thunder prior to 7.2.6 allows remote malicious users to execute arbitrary code via a crafted file, related to a "DLL injection vulnerability."
xunlei thunder 7.2.6