Security vulnerability in BearShare 2.2.2….

chopper used our newssubmit to tell us:

BearShare is a Windows file sharing program from Free Peers, Inc. that lets you, your friends, and everyone in the world share files. A serious security vulnerability in the product allows remote attackers to download any file on the local disk, even if it hasn’t been added to the shared list.

Vulnerable systems:

BearShare 2.2.2 and prior (Windows 95/98/ME) with its Web Site feature enabled

Ah is this why there is on the Bearshare news:

4/1/01: Older BearShare servents are correctly dropped even before the 14th of the month.

Be sure to check if you have the latest version just in case! Download new ones here: http://www.bearshare.com/download.htm. Also we heard the program is spyware (it contacts the internet without your permission?)… Could anyone test this or provide us with some prove?

Source: Newssubmit