Whois Internic Lookup program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry.