Midi-Plugin program "YAMAHA MidiPlug 1.10b" for Windows IE4/5 contains the buffer overflow bug. If the long "TEXT" variable is specified in EMBED tag, the buffer overflow occurs. If attacker sets the exploit on the webpage, visitor's host will be cracked by the any instructions written in the "TEXT" variable. here is a demo site which is generated by this exploit as demonstration. if this plugin is installed and the setting of ActiveX is default, "c:\windows\welcome.exe" will be executed(it's for Japanese Windows98 only).