Defcom Labs Advisory def-2000-04 - Bea WebLogic Server for Windows NT prior to V5.1.0 (sp7) has a remotely exploitable buffer overflow in the handling of URL's which start with two dots. Arbitrary code can be executed as LocalSystem. Fix available here.
1c0de5ec329656e24655156e39a44ee2e64f733317110e581319f00cbc00b4ba