COMMAND

	Bpm studio pro http service DoS and system files access

SYSTEMS AFFECTED

	Bpm studio pro 4.2

PROBLEM

	][-][UNTER of Infobyte Security Research Crew posted :
	

	when you perform a simple http request like:
	

	http://BPM-HOST/con/con

	

	you can crash instantly  non-patched  Win9x  host  with  a  simple  Blue
	Screen !!
	

	Anyone can download any file in some host running this  software  simply
	like performing this http request :
	

	http://BPM-HOST/../../../../autoexec.bat

	

SOLUTION

	Disable http daemon