GEN:SID 1:2240
Message WEB-MISC changepw.exe access
Summary This event is generated when an attempt is made to exploit a known
vulnerability in PDGSoft Shopping Cart.
Impact Serious. Execution of arbitrary code is possible.
Detailed Information Certain versions of PDGSoft Shopping Cart suffer from a buffer overflow
condition that can present an attacker with the opportunity to execute
arbitrary code of their choosing.

The vulnerable executable files are redirect.exe and changepw.exe, which
can be accessed via the web interface.
Affected Systems PDGSoft Shopping Cart 1.50
Attack Scenarios The attacker needs to supply an overly long string to either of the
affected executables.
Ease of Attack Simple. No exploit software required.
Corrective Action Upgrade to the latest non-affected version of the software.
Additional References Bugtraq:
http://www.securityfocus.com/bid/1256
Rule References bugtraq: 1256
cve: 2000-0401