It may be possible to make this Cisco Secure ACS web server(login.exe) execute arbitrary code by sending it a too long login url.
Cisco has already released a patch for this problem
- Cisco VG248 login password is blank
- Cisco Prime LAN Management Solution Remote Command Execution Vulnerability
- Cisco IOS XR Software Fragmented Packets Processing Denial of Service Vulnerability
- CISCO Secure ACS Management Interface Login Overflow
- Multiple Cisco Products Multiple Remote Buffer Overflow Vulnerabilities