|CVSS SCORE||10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)|
The specific flaw exists within the way the HP Diagnostics server handles incomming packets with 0x00000000 as the first 32-bit value. The magentservice.exe process listens on port 23472 by default. It will eventually take that first dword, decrease it by one and use it as a size value to copy data into a stack buffer. The resulting stack-based buffer overflow can result in remote code execution under the system user.