Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands.
https://www.exploit-db.com/exploits/5079
http://www.vupen.com/english/advisories/2008/0438
http://www.vupen.com/english/advisories/2008/0409
http://www.securitytracker.com/id?1019300
http://www.securityfocus.com/archive/1/487575/100/0/threaded
http://www.securityfocus.com/archive/1/487508/100/0/threaded
http://securityreason.com/securityalert/3619