O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with execute permissions for all users, which allows remote attackers to create and execute arbitrary files by directly calling uploader.exe.Referenceshttp://marc.info/?l=bugtraq&m=96715834610888&w=2http://www.securityfocus.com/bid/1611
