WebSite 1.1 for Windows NT winsample vulnerability

Risk Level: High

Check or Attack Name: WinSample

Platforms: O'Reilly WebSite: 2.0 and earlier, Common Gateway Interface (CGI)

Description:

The win-c-sample.exe program included with O'Reilly WebSite versions prior to 2.0 contains a buffer overflow that could allow a remote attacker to execute arbitrary commands on the server. The commands will be executed with the privileges of the user owning the server process.

Remedy:

Remove the win-c-sample.exe program from the CGI-SHL directory and upgrade to the latest version of WebSite.
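
A log check that supports the remedy, added here as an example and not part of the original advisory: it scans web server access logs for requests to win-c-sample.exe under the CGI-SHL directory and reports whether the server still answered them. It assumes Common Log Format access logs and that a removed program returns 404; the log lines are constructed.

```python
import re
from urllib.parse import unquote

# Assumed Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')
# Program and directory named in the advisory; Windows paths are case-insensitive.
TARGET = re.compile(r'/cgi-shl/win-c-sample\.exe', re.IGNORECASE)


def find_winsample_requests(lines):
    """Return one dict per log line that requests win-c-sample.exe."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        host, when, method, target, status = m.groups()
        # Decode twice so %2e and %252e spellings of the name still match.
        decoded = unquote(unquote(target))
        path = decoded.split('?', 1)[0].replace('\\', '/')
        if TARGET.search(path):
            hits.append({
                'host': host, 'time': when, 'method': method,
                'status': int(status),
                # Assumption: 404 means the program has been removed.
                'served': int(status) != 404,
                # The advisory does not say which input overflows; request
                # length is recorded only as a generic triage signal.
                'length': len(target),
            })
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/1999:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.44 - - [01/Jan/1999:10:02:13 +0000] "GET /cgi-shl/win-c-sample.exe HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Jan/1999:10:05:40 +0000] "GET /CGI-SHL/win-c-sample%2Eexe?'
    + 'x' * 300 + ' HTTP/1.0" 500 0',
    '192.0.2.10 - - [01/Jan/1999:10:06:02 +0000] "GET /cgi-shl/other.exe HTTP/1.0" 404 0',
    '203.0.113.5 - - [02/Jan/1999:09:00:00 +0000] "GET /cgi-shl/win-c-sample.exe HTTP/1.0" 404 0',
]

if __name__ == '__main__':
    for hit in find_winsample_requests(SAMPLE_LOG):
        state = 'SERVED' if hit['served'] else 'not found'
        print(hit['time'], hit['host'], hit['status'], hit['length'], state)
```

Any line reported as served after the remedy has been applied means a copy of the program is still reachable.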

References:

O'Reilly Software, WebSite and WebSite Professional Updates, http://software.ora.com/techsupport/software/support_library_ws_frame.html

The NT Shop, WebSite v1.1e for Windows NT and '95 vulnerable in the example CGI programs, http://www.ntsecurity.net/security/website.htm
