LogonTracer 1.2.0 and previous versions allows remote malicious users to execute arbitrary OS commands via unspecified vectors.
jpcert logontracer