SANS Critical Vulnerability Analysis Vol. 2. No. 29

"The FNDWRR.exe CGI program is a component of the Oracle Applications and E-Business Suite products, and allows web-based viewing of reports and log data. This program contains a buffer overflow vulnerability in handling overlong URLs provided in client web requests. Remote attackers can exploit the flaw to execute arbitrary code with the privileges of the vulnerable server process."

The link address is: http://www.sans.org/newsletters/cva/vol2_29.php
