Forum OpenACS Q&A: Response to Is OpenACS vulnerable to PHP like cracks?

Posted by Don Baccus on
Yet another buffer overflow, eh?

I don't think OpenACS per se is vulnerable to an exploit of this sort.  AOLserver puts the data into a temp file, which is then either stuffed into the db or copied to another file.

So ... the pertinent question is whether or not AOLserver does this in a safe manner, and whether or not the Tcl interpreter has any bugs that might be exposed when shoving large files around.

That's a general answer.

A specific answer is most likely "no" because the exploit, as described in the piece you reference, has to do with specific buffer overflows in specific implementations of PHP on specific operating systems (Solaris/Linux).

So code designed to exploit this particular bug in PHP is unlikely to do any harm on other platforms.

Whether or not the general approach might serve as a basis for designing an exploit for "our world" is another question, dependent on the things I mentioned earlier.