I'm still writing about a three year old exploit because a post I wrote a long time ago continues to get traction on a monthly basis. 

When this series of vulnerabilities appeared, Metasploit modules were written soon after which gave use the ability to point and click for root.  Then somewhere along the way, the following error started to appear:  "Unable to find accessible named pipe!"  I'd initially thought that machines were patched and that prevented the execution despite their vulnerable appearance.  Then, honestly, I just didn't have the interest to care. 

The description states:  "Walkthrough of OS Command Injection. Demonstrate OS Command Injection and explain how to prevent it on your servers".

After deploying the machine and reading the first couple of paragraphs, we move into the section titled:  "Blind Command Injection".

The description states:  "Can you get past the gate and through the fire?" 

Before I jump into this, I'd like to get a couple of things out of the way.  First, If you're doing this box, I assume you can find your way to the binary.  Second, with very few Windows buffer overflow problems on the Internet, it's nice to find another to work on those skills in a controlled environment.  Add this to the short list with SLMail and Brainpan.