Orbit downloader is vulnerable to a buffer overflow attack, which can be exploited by malicious remote attackers to execute arbitrary code. The vulnerability is due to Orbit not properly converting an URL ascii string to unicode. This can be exploited to execute arbitrary code by downloading a file from a specially crafted URL.

http://www.securiteam.com/windowsntf...TP011PO1C.html