Reported September 24, 2003 by Jens H. Christensen.
Mondosoft MondoSearch 5.1, 5.0, and 4.4 for Windows
A vulnerability in Mondosoft MondoSearch for Windows can result in the execution of arbitrary code on the vulnerable computer. One of the default installation files, msmsetup.exe, contains a vulnerability that lets malicious users create files with user-specified content on the Web server or anywhere that the executing user (typically IUSR_xxx) has write access. For details about this vulnerability, see the discoverer's web site.
<span style="font-family:Verdana"><a href="http://www.mondosoft.com/" style="color: blue; text-decoration: underline; text-underline: single">Mondosoft</a> has released a <a href="http://www.mondosoft.com/security/" style="color: blue; text-decoration: underline; text-underline: single">patch</a> for this vulnerability.</h3>
Discovered by Jens H. Christensen.